View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0027727 | mantisbt | security | public | 2020-12-07 13:48 | 2020-12-30 07:37 |
Reporter | d3vpoo1 | Assigned To | dregad | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Target Version | 2.24.4 | Fixed in Version | 2.24.4 | ||
Summary | 0027727: CVE-2020-29605: Disclosure of private issue summary | ||||
Description | Due to insufficient access level checks, any user allowed to perform Group Actions can get access to private Issues' Summary, using a crafted bug_actiongroup_page.php URL. Target Issues can be marked as private, or belong to a private Project. | ||||
Steps To Reproduce |
| ||||
Additional Information | This vulnerability was originally reported by @d3vpoo1 in 0027357. | ||||
Tags | No tags attached. | ||||
MantisBT: master 12a9dcbb 2020-12-06 18:08:56 Details Diff |
Prevent disclosure of private issue summary Insufficient access level checks allowed an attacker to display private issues' summary via Group Actions (bug_actiongroup_page.php). Going through the provided list of issue IDs (bug_arr[]) and removing any issues the user does not have access to, fixes the vulnerability. Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for reporting the issue. Fixes 0027727, 0027357, CVE-2020-29605 |
Affected Issues 0027357, 0027727 |
|
mod - bug_actiongroup_page.php | Diff File | ||
MantisBT: master 9322c8c9 2020-12-29 10:02:13 Details Diff |
Per-project cache of view_bug_threshold As suggested by @vboctor during review, the threshold can be different in each project, so we need to check them individually. Fixes 0027727 |
Affected Issues 0027727 |
|
mod - bug_actiongroup_page.php | Diff File |