CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information.

Product Status

Learn more

Information not provided

References 2 Total

https://mantisbt.org/bugs/view.php?id=27357
external site
https://mantisbt.org/bugs/view.php?id=27728
external site

Updated: 2024-08-04

This container includes required additional information provided by the CVE Program for this vulnerability.

References 2 Total

https://mantisbt.org/bugs/view.php?id=27357
external site
x_transferred
https://mantisbt.org/bugs/view.php?id=27728
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 2 Total

CVE Program

References 2 Total