CVE-2023-22476 MEDIUM

CVE-2023-22476: MantisBT: Exposure of Private issues' summary to unauthorized users

Vendor Mantisbt

Product mantisbt

Weakness CWE-200 · Info exposure

Published February 23, 2023

Last update March 10, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds.

Key dates

02Disclosure timeline

February 23, 2023 CVE published

March 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-22476

Related vulnerabilities

04Related CVE

CVE-2023-49822 WordPress Ultimate Dashboard plugin <= 3.7.10 - Secret Login Page Location Disclosure on Multisites vulnerability CVE-2024-36118 Unauthorized viewing of workspace test cases in MeterSphere CVE-2014-0778 Progea Movicon SCADA Exposure of Sensitive Information to an Unauthorized Actor CVE-2025-11794 Password hash and MFA secret returned in user email verification endpoint CVE-2024-22154 WordPress SalesKing Plugin <= 1.6.15 is vulnerable to Sensitive Data Exposure