Impact
Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted bug_arr[]
parameter in bug_actiongroup_ext.php.
Patches
The vulnerability has been fixed in MantisBT version 2.25.6.
Workarounds
None
Credits
Thanks to d3vpoo1 for reporting the issue.
References
Impact
Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted
bug_arr[]
parameter in bug_actiongroup_ext.php.Patches
The vulnerability has been fixed in MantisBT version 2.25.6.
Workarounds
None
Credits
Thanks to d3vpoo1 for reporting the issue.
References