Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MantisBT 信息泄露漏洞
Vulnerability Description
MantisBT是MantisBT(Mantisbt)团队的一套基于Web的开源缺陷跟踪系统。该系统以Web操作的形式提供项目管理及缺陷跟踪服务。 MantisBT 2.24.4 之前版本存在安全漏洞,该漏洞源于actiongroup.php缺少访问检查,攻击者可利用该漏洞对潜在机密信息的完整访问。
CVSS Information
N/A
Vulnerability Type
N/A