mantisbt/mantisbt is vulnerable to Information Disclosure. The vulnerability allows any logged-in user to gain access to the Summary field of private issues if they are allowed to access group actions in the account which can lead to information disclosure.