MantisBT 1.x < 1.3.0-beta.1 Information Disclosure
Medium Nessus Network Monitor Plugin ID 9890
SynopsisThe remote web server is hosting an outdated web application that is vulnerable to an information disclosure attack vector.
DescriptionVersions of MantisBT 1.x prior to 1.3.0-beta.1 are affected by a flaw in the Reminder feature in the 'bug_reminder_page.php' script that is due to the program exposing sensitive information of private tickets to unauthorized remote attackers.
SolutionUpgrade to MantisBT 1.3.0-beta.1 or later.