View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0027727 | mantisbt | security | public | 2020-12-07 13:48 | 2022-10-08 09:04 |
Reporter | d3vpoo1 | Assigned To | dregad | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Target Version | 2.24.4 | Fixed in Version | 2.24.4 | ||
Summary | 0027727: CVE-2020-29605: Disclosure of private issue summary | ||||
Description | Due to insufficient access level checks, any user allowed to perform Group Actions can get access to private Issues' Summary, using a crafted bug_actiongroup_page.php URL. Target Issues can be marked as private, or belong to a private Project. | ||||
Steps To Reproduce |
| ||||
Additional Information | This vulnerability was originally reported by @d3vpoo1 in 0027357. | ||||
Tags | No tags attached. | ||||
related to | 0027728 | closed | dregad | CVE-2020-29604: Full disclosure of private issue contents, including bugnotes and attachments |
related to | 0031086 | closed | dregad | CVE-2023-22476: Private issue summary disclosure |
child of | 0027357 | closed | dregad | Attacker can leak private information via different functionality |
MantisBT: master 12a9dcbb 2020-12-06 13:08 Details Diff |
Prevent disclosure of private issue summary Insufficient access level checks allowed an attacker to display private issues' summary via Group Actions (bug_actiongroup_page.php). Going through the provided list of issue IDs (bug_arr[]) and removing any issues the user does not have access to, fixes the vulnerability. Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for reporting the issue. Fixes 0027727, 0027357, CVE-2020-29605 |
Affected Issues 0027357, 0027727 |
|
mod - bug_actiongroup_page.php | Diff File | ||
MantisBT: master 9322c8c9 2020-12-29 05:02 Details Diff |
Per-project cache of view_bug_threshold As suggested by @vboctor during review, the threshold can be different in each project, so we need to check them individually. Fixes 0027727 |
Affected Issues 0027727 |
|
mod - bug_actiongroup_page.php | Diff File |