Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MantisBT unauthorized disclosure of private project column configuration
Vulnerability Description
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php can use the Copy From action to retrieve the columns configuration from a private project they have no access to. This issue is fixed in version 2.27.2.
CVSS Information
N/A
Vulnerability Type
授权机制不恰当
Vulnerability Title
MantisBT 授权问题漏洞
Vulnerability Description
MantisBT是MantisBT团队的一套基于Web的开源缺陷跟踪系统。该系统以Web操作的形式提供项目管理及缺陷跟踪服务。 MantisBT 2.27.1及之前版本存在授权问题漏洞,该漏洞源于访问级别检查不足,可能导致非管理员用户通过manage_config_columns_page.php获取无权访问的私有项目配置。
CVSS Information
N/A
Vulnerability Type
N/A