MantisBT: master-1.3.x 5cbf97f4
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dregad | dregad | master-1.3.x | 2018-04-25 08:31 | master-1.3.x 6ad90df0 |
Affected Issues | 0024365: CVE-2018-9839: Private issues accessible to unauthorized users using the "Clone" functionality |
Changeset | Prevent cloning private issues by unauthorized users Using a crafted request on bug_report_page.php (modifying the 'm_id' Credits to Mustafa Hasan (strukt) strukt93@gmail.com for the finding. @atrol noted that the same vulnerability also existed in bug_report.php, Added an access level check, so that the operation now fails with an Backported from 1fbcd9bca2f2c77cb61624d36ddee4b3802c38ea |
mod - bug_report.php | Diff File |
mod - bug_report_page.php | Diff File |