Improper Permission Check in MantisBT Allows Disclosure of Restricted Issue Information via Email

Improper Permission Check in MantisBT Allows Disclosure of Restricted Issue Information via Email

CVE-2014-9506 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.

Learn more about our User Device Pen Test.