MantisBT: master e9fd168c

Author Committer Branch Timestamp Parent
dregad dregad master 2020-12-06 05:32 master 57e9b01a
Affected Issues  0027370: CVE-2020-35849: Revisions allow viewing private bugnotes id and summary
Changeset

Deny access to revisions if not authorized

If user is not allowed to view a revisions' parent bug or bugnote,
bug_revision_view_page.php now shows an Access Denied error, instead
of showing the bug Id and Summary (information disclosure).

Fixes 0027370

mod - bug_revision_view_page.php Diff File