VYPR
Moderate severityNVD Advisory· Published Jan 29, 2021· Updated Aug 4, 2024

CVE-2020-29603

CVE-2020-29603

Description

In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mantisbt/mantisbtPackagist
< 2.24.42.24.4

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.