CVE-2023-22476

2023-02-2319:15:13

Google

osv.dev

mantis bug tracker

access control

vulnerability

bug_actiongroup_ext.php

version 2.25.6

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.5%

JSON

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the Summary field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted bug_arr[] parameter in bug_actiongroup_ext.php. This issue is fixed in version 2.25.6. There are no workarounds.

CPENameOperatorVersion
mantisbteqrelease-1.3.0-beta.1
mantisbteqrelease-2.0.0-beta.1
mantisbteqrelease-2.0.0-rc.1
mantisbteqrelease-2.1.1
mantisbteqrelease-2.23.0
mantisbteqrelease-1.3.0-beta.2
mantisbteqrelease-2.0.0-rc.2
mantisbteqrelease-2.0.0-beta.3
mantisbteqrelease-2.24.5
mantisbteqrelease-2.25.1

Name	Operator	Version
mantisbt	eq	release-1.3.0-beta.1
mantisbt	eq	release-2.0.0-beta.1
mantisbt	eq	release-2.0.0-rc.1
mantisbt	eq	release-2.1.1
mantisbt	eq	release-2.23.0
mantisbt	eq	release-1.3.0-beta.2
mantisbt	eq	release-2.0.0-rc.2
mantisbt	eq	release-2.0.0-beta.3
mantisbt	eq	release-2.24.5
mantisbt	eq	release-2.25.1