Vulnerabilities > CVE-2020-29605 - Incorrect Authorization vulnerability in Mantisbt

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
mantisbt
CWE-863

Summary

An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.)

Vulnerable Configurations

Part Description Count
Application
Mantisbt
170
OS
Microsoft
1

Common Weakness Enumeration (CWE)