MantisBT: master 1fbcd9bc
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dregad | dregad | master | 2018-04-25 08:31 | master-2.13 88913cb3 |
Affected Issues | 0024221: CVE-2018-9839: Private issues accessible to unauthorized users using the "Clone" functionality |
Changeset | Prevent cloning private issues by unauthorized users Using a crafted request on bug_report_page.php (modifying the 'm_id' Credits to Mustafa Hasan (strukt) strukt93@gmail.com for the finding. @atrol noted that the same vulnerability also existed in bug_report.php, Added an access level check, so that the operation now fails with an Fixes 0024221, CVE-2018-9839 |
mod - bug_report.php | Diff File |
mod - bug_report_page.php | Diff File |