PT-2026-43305 · Bugsink · Bugsink
Nuiifornet
·
Published
2026-05-26
·
Updated
2026-06-05
·
CVE-2026-47715
CVSS v3.1
3.1
Low
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Bugsink versions prior to 2.2.0
Description
Bugsink is a self-hosted error tracking tool. A project-boundary authorization issue exists where issue event pages accept a direct event identifier from the URL and retrieve the event without verifying that it belongs to the issue specified in the URL. This allows an authenticated user with access to one project to view event data from another project through an issue they are authorized to access. The affected views include the stacktrace, details, and breadcrumbs pages. Exploitation requires the attacker to possess a valid target event UUID, as there is no path for event enumeration and guessing UUIDs is impractical.
Recommendations
Update to version 2.2.0.
Exploit
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bugsink