PT-2026-39877 · Mantisbt · Mantisbt
Published: 2026-05-11 · Updated: 2026-05-19
CVE-2026-34744
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Mantis Bug Tracker (MantisBT) versions prior to 2.82.2
Description
MantisBT allows a user to list and download their own attachments from an issue created by another user, even after the issue has been marked as private and read access has been revoked. This results in a minimal loss of confidentiality since only attachments previously uploaded by the user themselves remain accessible.
Recommendations
Update to version 2.82.2.
Fix
Improper Preservation of Permissions
Information Disclosure
Affected Products
Mantisbt