Improper Management of Email Notifications in MantisBT Allows Information Disclosure
CVE-2012-5523 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:N
core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug.
Learn more about our Api Penetration Testing.