
MantisBT 1.x < 1.3.0-beta.1 Information Disclosure

Medium

Synopsis

The remote web server is hosting an outdated web application that is affected by an information disclosure vulnerability.

Description

Versions of MantisBT 1.x prior to 1.3.0-beta.1 are affected by a flaw in the Reminder feature, in the 'bug_reminder_page.php' script, which exposes sensitive information from private tickets to unauthorized remote attackers.

Solution

Upgrade to MantisBT 1.3.0-beta.1 or later.