CVE-2020-25781
N/A
N/A
Summary
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://mantisbt.org/bugs/view.php?id=27039
- http://github.com/mantisbt/mantisbt/commit/5595c90f11c48164331a20bb9c66098980516e93
- http://github.com/mantisbt/mantisbt/commit/9de20c09e5a557e57159a61657ce62f1a4f578fe
References
- https://mantisbt.org/bugs/view.php?id=27039
- http://github.com/mantisbt/mantisbt/commit/5595c90f11c48164331a20bb9c66098980516e93
- http://github.com/mantisbt/mantisbt/commit/9de20c09e5a557e57159a61657ce62f1a4f578fe
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.