CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
EPSS
Percentile
70.9%
core/email_api.php in MantisBT before 1.2.12 does not properly manage the
sending of e-mail notifications about restricted bugs, which might allow
remote authenticated users to obtain sensitive information by adding a note
to a bug before losing permission to view that bug.