Improper Management of Email Notifications in MantisBT Allows Information Disclosure

Improper Management of Email Notifications in MantisBT Allows Information Disclosure

CVE-2012-5523 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:N

core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug.

Learn more about our Api Penetration Testing.