跳转到帖子

FreeBSD: VID-BED545C6-BDB8-11ED-BCA8-A33124F1BEB1 (CVE-2023-22476): mantis -- multiple vulnerabilities

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

FreeBSD: VID-BED545C6-BDB8-11ED-BCA8-A33124F1BEB1 (CVE-2023-22476): mantis -- multiple vulnerabilities

Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
01/06/2023
Created
03/24/2023
Added
03/23/2023
Modified
01/28/2025

Description

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds.

Solution(s)

  • freebsd-upgrade-package-mantis-php74
  • freebsd-upgrade-package-mantis-php80
  • freebsd-upgrade-package-mantis-php81
  • freebsd-upgrade-package-mantis-php82

References

  • CVE-2023-22476
  • 引用
  • Mention
    • 查看数 695
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表