View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0031086 | mantisbt | security | public | 2022-10-08 07:41 | 2023-02-22 19:23 |
Reporter | d3vpoo1 | Assigned To | dregad | | |
Priority | normal | Severity | major | Reproducibility | have not tried |
Status | closed | Resolution | fixed | | |
Product Version | 2.25.5 | | | | |
Target Version | 2.25.6 | Fixed in Version | 2.25.6 | | |
Summary | 0031086: CVE-2023-22476: Private issue summary disclosure | | | | |
Description | Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted bug_arr[] parameter in bug_actiongroup_ext.php. GitHub security advisory | | | | |
Steps To Reproduce | | | | | |
Additional Information | Original report: | | | | |
Tags | No tags attached. | | | | |
Attached Files | | | | | |

Hi team, Checking for any possible update regarding this issue. Thanks

Sorry, that completely fell off the radar... The end of 2022 has been hectic. Thanks for the reminder, I will look into it.

Vulnerability is confirmed.

Trying something new, requesting a CVE via GitHub advisories instead of asking MITRE. https://github.com/mantisbt/mantisbt/security/advisories/GHSA-hf4x-6h87-hm79

@d3vpoo1 you should now have access to the private temporary repository linked to the advisory. Your feedback on the proposed patch would be appreciated (this is pretty much the same fix as 0027727).

CVE-2023-22476 assigned

Thank you team

Sorry for the delay in releasing this, I've been busy. Planning to cut the release today.

MantisBT: master-2.25 840a4e80 2023-01-06 20:16

Prevent disclosure of private issue summary

Insufficient access level checks allowed an attacker to display private issues' summary via Group Actions (bug_actiongroup_ext.php).

Going through the provided list of issue IDs (bug_arr[]) and removing any issues the user does not have access to, fixes the vulnerability.

Credits to d3vpoo1 (https://github.com/jrckmcsb) for reporting the issue.

Fixes 0031086, CVE-2023-22476

Affected Issues 0031086

mod - bug_actiongroup_ext.php
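
The approach named in the commit message above, going through the submitted bug_arr[] and removing every issue the user cannot access before any summary is rendered, shown as an added PHP example. It is not MantisBT's code: the issue data, `user_can_view_issue()` and `filter_viewable_issue_ids()` are hypothetical stand-ins for the application's own storage and access API.

```php
<?php
declare(strict_types=1);

// Constructed sample data, not MantisBT's schema: issue id => record.
const ISSUES = [
    101 => ['summary' => 'Typo on login page',      'private' => false, 'project' => 1],
    102 => ['summary' => 'Unreleased security fix', 'private' => true,  'project' => 1],
    103 => ['summary' => 'Internal roadmap item',   'private' => false, 'project' => 2],
];
const PRIVATE_PROJECTS = [2];        // constructed: project 2 is private
const MEMBERSHIPS      = [7 => [1]]; // constructed: user 7 belongs to project 1 only
const PRIVATE_VIEWERS  = [];         // constructed: users allowed to see private issues

// Hypothetical per-issue check standing in for the application's access API.
function user_can_view_issue(int $userId, int $issueId): bool
{
    if (!array_key_exists($issueId, ISSUES)) {
        return false; // unknown id: never viewable
    }
    $issue  = ISSUES[$issueId];
    $member = in_array($issue['project'], MEMBERSHIPS[$userId] ?? [], true);
    if (in_array($issue['project'], PRIVATE_PROJECTS, true) && !$member) {
        return false; // issue belongs to a private project the user is not in
    }
    // Issue has Private view status: only explicitly allowed users may see it.
    return !$issue['private'] || in_array($userId, PRIVATE_VIEWERS, true);
}

// Hypothetical helper: validate the request's bug_arr[] and drop every id the
// user may not view, before any summary is read or rendered.
function filter_viewable_issue_ids(int $userId, $rawIds): array
{
    $ids = [];
    foreach (is_array($rawIds) ? $rawIds : [] as $raw) {
        $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false && user_can_view_issue($userId, $id)) {
            $ids[$id] = $id; // keyed by id to de-duplicate
        }
    }
    return array_values($ids);
}

// Constructed request: one viewable id, two private ones, one malformed, one unknown.
$bugArr = ['101', '102', '103', 'abc', '999'];
foreach (filter_viewable_issue_ids(7, $bugArr) as $id) {
    printf("%d: %s\n", $id, ISSUES[$id]['summary']);
}
```

The filter runs per issue rather than per action, so holding the Group Actions permission alone never widens what a user can read.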