CVE-2020-35849

Source
https://cve.org/CVERecord?id=CVE-2020-35849
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35849.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-35849
Aliases
Published
2020-12-30T19:15:13.903Z
Modified
2026-04-10T04:25:57.312207Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter.

References

Affected packages

Git / github.com/mantisbt/mantisbt

Affected ranges

Type
GIT
Repo
https://github.com/mantisbt/mantisbt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.24.4"
        }
    ]
}

Affected versions

release-1.*
release-1.2.0a1
release-1.2.0a2
release-1.2.0a3
release-1.2.0rc1
release-1.3.0-beta.1
release-1.3.0-beta.2
release-1.3.0-beta.3
release-1.3.0-rc.1
release-1.3.0-rc.2
release-2.*
release-2.0.0
release-2.0.0-beta.1
release-2.0.0-beta.2
release-2.0.0-beta.3
release-2.0.0-rc.1
release-2.0.0-rc.2
release-2.1.0
release-2.10.0
release-2.11.0
release-2.12.0
release-2.13.0
release-2.14.0
release-2.15.0
release-2.16.0
release-2.17.0
release-2.18.0
release-2.19.0
release-2.2.0
release-2.20.0
release-2.21.0
release-2.22.0
release-2.23.0
release-2.24.0
release-2.24.1
release-2.24.2
release-2.24.3
release-2.3.0
release-2.4.0
release-2.5.0
release-2.6.0
release-2.7.0
release-2.8.0
release-2.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35849.json"