CNNVD-202511-117 Information
CNNVD ID
CNNVD-202511-117
Related CVE
-
CNNVD Published
2025-11-04
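Description (translated from Chinese)
MantisBT is a web-based open-source defect tracking system from the MantisBT team. It provides project management and defect tracking services through a web interface. MantisBT 2.27.1 and earlier versions contain an authorization vulnerability caused by insufficient access-level checks, which may allow non-administrator users to obtain, via manage_config_columns_page.php, the configuration of private projects they are not authorized to access.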
Description (English)
MantisBT is a web-based open-source defect tracking system from the MantisBT team. The system provides project management and defect tracking services through a web interface. MantisBT 2.27.1 and previous versions have an authorization vulnerability that stems from inadequate access-level checks and could allow non-administrator users to access the configuration of private projects they are not authorized to view.
Hazard Level
High
Vulnerability Type
Authorization issue
Published
2025-11-04
Last Modified
2026-02-24
References
https://github.com/mantisbt/mantisbt/commit/4fe94f45fa2baea2aeb4b65781d2009e7b4a0bf3
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-g582-8vwr-68h2
https://mantisbt.org/bugs/view.php?id=36502
https://access.redhat.com/security/cve/cve-2025-62520
Patch
https://github.com/mantisbt/mantisbt/tags