Vulnerabilities > CVE-2020-25781 - Missing Authorization vulnerability in Mantisbt

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
mantisbt
CWE-862

Summary

An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.

Vulnerable Configurations

Part Description Count
Application
Mantisbt
172

Common Weakness Enumeration (CWE)