PT-2026-39879 · Mantisbt+1 · Mantisbt+1
Shukla304
·
Published
2026-05-11
·
Updated
2026-05-20
·
CVE-2026-34970
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Mantis Bug Tracker (MantisBT) versions prior to 2.28.2
Description
A bugnote author can access the Revisions page of a note even after losing access to the parent private issue. This leads to the disclosure of the private issue's ID and summary, although the full revision body of the bugnote remains secure.
Recommendations
Update to version 2.28.2.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mantisbt
Mantisbt/Mantisbt