CVE-2020-25781

low-risk
Published 2020-09-30

An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.

Do I need to act?

-
0.26% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Mantisbt

References (6)

Patch http://github.com/mantisbt/mantisbt/commit/5595c90f11c48164331a20bb9c66098980516...
Patch http://github.com/mantisbt/mantisbt/commit/9de20c09e5a557e57159a61657ce62f1a4f57...
Exploit https://mantisbt.org/bugs/view.php?id=27039
Patch http://github.com/mantisbt/mantisbt/commit/5595c90f11c48164331a20bb9c66098980516...
Patch http://github.com/mantisbt/mantisbt/commit/9de20c09e5a557e57159a61657ce62f1a4f57...
Exploit https://mantisbt.org/bugs/view.php?id=27039
24
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal