MantisBT: master-2.28 71df1f67

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad community master-2.28 2026-05-09 05:49 master-2.28 b1c3430b
Affected Issues  0036978: CVE-2026-34970: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked
Changeset

Fix bugnote revisions access check

access_can_view_bugnote_revisions() now checks that the user can view
the bugnote's parent issue.

Fixes 0036978, GHSA-crmx-4p49-46m2 / CVE-2026-34970
mod - core/access_api.php Diff File