Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-25781

An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.

Published

2020-09-30T21:15:13.230

Last Modified

2024-11-21T05:18:45.163

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mantisbt	mantisbt	< 2.24.3	Yes

References

http://github.com/mantisbt/mantisbt/commit/5595c90f11c48164331a20bb9c66098980516e93 Patch, Third Party Advisory ([email protected])
http://github.com/mantisbt/mantisbt/commit/9de20c09e5a557e57159a61657ce62f1a4f578fe Patch, Third Party Advisory ([email protected])
https://mantisbt.org/bugs/view.php?id=27039 Exploit, Patch, Vendor Advisory ([email protected])
http://github.com/mantisbt/mantisbt/commit/5595c90f11c48164331a20bb9c66098980516e93 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://github.com/mantisbt/mantisbt/commit/9de20c09e5a557e57159a61657ce62f1a4f578fe Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://mantisbt.org/bugs/view.php?id=27039 Exploit, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)