CVE-2025-62520

Medium CVSS: 5.3

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php can use the Copy From action to retrieve the columns configuration from a private project they have no access to. This issue is fixed in version 2.27.2.

Vendor

Mantisbt

Product

Mantisbt

CWE

CWE-285

Yayın Tarihi

2025-11-04 22:16:38

Güncelleme

2025-11-10 17:55:42

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-285 Mantisbt MEDIUM Mantisbt 2025

Referanslar

https://github.com/mantisbt/mantisbt/commit/4fe94f45fa2baea2aeb4b65781d2009e7b4a0bf3 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-g582-8vwr-68h2 https://mantisbt.org/bugs/view.php?id=36502

Benzer Kayıtlar

High

CVE-2026-33517

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, when deleting a Tag (tag_delete.php),…

High

CVE-2026-33548

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, improper escaping of tag names retriev…

Critical

CVE-2026-30849

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family database…

Medium

CVE-2025-55155

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their pro…

High

CVE-2025-47776

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===…

Medium

CVE-2025-46556

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently…