Description

MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for the issue. No known workarounds are available.

INFO

Published Date :

2024-05-13T15:35:00.399Z

Last Modified :

2024-08-02T02:42:59.815Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-34080 vulnerability.

Vendors Products
Mantisbt
  • Mantisbt
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-34080.

URL Resource
https://github.com/mantisbt/mantisbt/commit/0a50562369d823689c9b946066d1e49d3c2df226 cve-icon cve-icon cve-icon
https://github.com/mantisbt/mantisbt/pull/2000 cve-icon cve-icon cve-icon
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-99jc-wqmr-ff2q cve-icon cve-icon cve-icon
https://mantisbt.org/bugs/view.php?id=34434 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact