Mantis Bug Tracker (MantisBT) is an open-source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
| Link | Tags |
|---|---|
| https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h5q3-fjp4-2x7r | vendor advisory, patch |
| https://github.com/mantisbt/mantisbt/commit/ef0f820284032350cc20a39ff9cb2010d5463b41 | patch |
| https://mantisbt.org/bugs/view.php?id=34640 | issue tracking |