漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
MantisBT unauthorized disclosure of private project column configuration
Vulnerability Description
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php can use the Copy From action to retrieve the columns configuration from a private project they have no access to. This issue is fixed in version 2.27.2.
CVSS Information
N/A
Vulnerability Type
授权机制不恰当
Vulnerability Title
MantisBT 授权问题漏洞
Vulnerability Description
MantisBT是MantisBT团队的一套基于Web的开源缺陷跟踪系统。该系统以Web操作的形式提供项目管理及缺陷跟踪服务。 MantisBT 2.27.1及之前版本存在授权问题漏洞,该漏洞源于访问级别检查不足,可能导致非管理员用户通过manage_config_columns_page.php获取无权访问的私有项目配置。
CVSS Information
N/A
Vulnerability Type
N/A