Description
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
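The authorization gap described above is a CWE-862 pattern: the download handler verifies that the requester may see the parent issue, but never asks whether the requester may see the private note the attachment actually belongs to. The model below is an added example written for this page; it is not MantisBT's code and not the content of the referenced commits. The `Tracker`, `Bug`, `Bugnote`, `Attachment` and `User` names, the numeric access levels and the two threshold names are assumptions chosen to mirror the reporter/developer split; `download_vulnerable` reproduces the pre-fix decision and `download_fixed` adds the missing note-level check.

```python
"""Model of a missing child-object authorization check (CWE-862).
Added example, not MantisBT's code; all names and levels are assumptions."""
from dataclasses import dataclass
from typing import Dict, Optional

# Illustrative access levels (assumed values, not the project's constants).
REPORTER = 25
DEVELOPER = 50


@dataclass
class Bug:
    id: int
    private: bool = False            # issue-level view state


@dataclass
class Bugnote:
    id: int
    bug_id: int
    author_id: int
    private: bool = False            # note-level view state


@dataclass
class Attachment:
    id: int
    bug_id: int
    bugnote_id: Optional[int]        # None when attached to the issue itself
    content: bytes


@dataclass
class User:
    id: int
    access_level: int


class Forbidden(Exception):
    """Stands in for the application's access-denied response."""


class Tracker:
    """In-memory stand-in for the tracker's tables and config thresholds."""

    def __init__(self) -> None:
        self.bugs: Dict[int, Bug] = {}
        self.notes: Dict[int, Bugnote] = {}
        self.files: Dict[int, Attachment] = {}
        # Assumed policy: reporters may fetch attachments, private notes are
        # readable only by their author or by developers and above.
        self.view_attachments_threshold = REPORTER
        self.private_bugnote_threshold = DEVELOPER

    def can_view_bug(self, user: User, bug: Bug) -> bool:
        return not bug.private or user.access_level >= DEVELOPER

    def can_view_bugnote(self, user: User, note: Bugnote) -> bool:
        if not note.private:
            return True
        return user.id == note.author_id or user.access_level >= self.private_bugnote_threshold

    def download_vulnerable(self, user: User, file_id: int) -> bytes:
        """Pre-fix decision: the check stops at the parent issue, so a file on a
        private note is served to anyone entitled to see the issue."""
        f = self.files[file_id]
        if not self.can_view_bug(user, self.bugs[f.bug_id]):
            raise Forbidden("issue not visible")
        if user.access_level < self.view_attachments_threshold:
            raise Forbidden("below view_attachments_threshold")
        return f.content

    def download_fixed(self, user: User, file_id: int) -> bytes:
        """Post-fix decision: a file that belongs to a note also requires the
        requester to be allowed to read that note."""
        f = self.files[file_id]
        if not self.can_view_bug(user, self.bugs[f.bug_id]):
            raise Forbidden("issue not visible")
        if user.access_level < self.view_attachments_threshold:
            raise Forbidden("below view_attachments_threshold")
        if f.bugnote_id is not None and not self.can_view_bugnote(user, self.notes[f.bugnote_id]):
            raise Forbidden("note not visible")
        return f.content


def _served(fn, user: User, file_id: int) -> bool:
    """True when the download is served, False when it is refused."""
    try:
        fn(user, file_id)
        return True
    except Forbidden:
        return False


def demo() -> Dict[str, bool]:
    """Constructed scenario: a public issue, a private developer note carrying
    an attachment, and a reporter who is not the note's author."""
    t = Tracker()
    dev = User(id=1, access_level=DEVELOPER)
    reporter = User(id=2, access_level=REPORTER)
    t.bugs[100] = Bug(id=100)
    t.notes[500] = Bugnote(id=500, bug_id=100, author_id=dev.id, private=True)
    t.files[9] = Attachment(id=9, bug_id=100, bugnote_id=500, content=b"private log")
    t.files[10] = Attachment(id=10, bug_id=100, bugnote_id=None, content=b"public screenshot")
    return {
        "vulnerable_leaks": _served(t.download_vulnerable, reporter, 9),   # direct URL leaks the file
        "fixed_blocks": not _served(t.download_fixed, reporter, 9),        # same request now refused
        "author_still_ok": _served(t.download_fixed, dev, 9),             # note author keeps access
        "bug_file_still_ok": _served(t.download_fixed, reporter, 10),      # issue-level files unaffected
    }


if __name__ == "__main__":
    print(demo())
```

The last two results are the regression check a reviewer wants alongside the fix: tightening the note-level check must not lock out the note's author or break attachments that hang off the issue itself. On a live instance the equivalent test is to sign in as a user who cannot see a given private note and request that note's attachment through the file download URL directly; releases from 2.24.3 onward refuse it.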
References (3)
Exploit, Patch, Vendor Advisory
https://mantisbt.org/bugs/view.php?id=27039
Patch, Third Party Advisory
http://github.com/mantisbt/mantisbt/commit/5595c90f11c48164331a20bb9c66098980516e93
Patch, Third Party Advisory
http://github.com/mantisbt/mantisbt/commit/9de20c09e5a557e57159a61657ce62f1a4f578fe
Scores
CVSS v3
4.3
EPSS
0.0026
EPSS Percentile
49.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-862
Status
published
Products (2)
mantisbt/mantisbt
< 2.24.3
mantisbt/mantisbt
0 - 2.24.3 (Packagist)
Published
Sep 30, 2020
Tracked Since
Feb 18, 2026