GHSA-G582-8VWR-68H2
Vulnerability from github – Published: 2025-11-03 20:13 – Updated: 2025-11-15 02:25
VLAI?
Summary
MantisBT unauthorized disclosure of private project column configuration
Details
Impact
Due to insufficient access-level checks, any non-admin user having access to manage_config_columns_page.php (typically project managers having MANAGER role) can use the Copy From action to retrieve the columns configuration from a private project they have no access to.
Access to the reverse operation (Copy To) is correctly controlled, i.e. it is not possible to alter the private project's configuration.
Patches
The vulnerability will be fixed in MantisBT version 2.27.2.
Workarounds
None
Credits
Thanks to d3vpoo1 for reporting the issue.
Severity ?
4.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "mantisbt/mantisbt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.27.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-62520"
],
"database_specific": {
"cwe_ids": [
"CWE-285"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-03T20:13:26Z",
"nvd_published_at": "2025-11-04T22:16:38Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nDue to insufficient access-level checks, any non-admin user having access to _manage_config_columns_page.php_ (typically project managers having MANAGER role) can use the _Copy From_ action to retrieve the columns configuration from a private project they have no access to. \n\nAccess to the reverse operation (_Copy To_) is correctly controlled, i.e. it is not possible to alter the private project\u0027s configuration.\n\n### Patches\nThe vulnerability will be fixed in MantisBT version 2.27.2. \n\n### Workarounds\nNone\n\n### Credits\nThanks to [d3vpoo1](https://github.com/jrckmcsb) for reporting the issue.",
"id": "GHSA-g582-8vwr-68h2",
"modified": "2025-11-15T02:25:11Z",
"published": "2025-11-03T20:13:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-g582-8vwr-68h2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62520"
},
{
"type": "WEB",
"url": "https://github.com/mantisbt/mantisbt/commit/4fe94f45fa2baea2aeb4b65781d2009e7b4a0bf3"
},
{
"type": "PACKAGE",
"url": "https://github.com/mantisbt/mantisbt"
},
{
"type": "WEB",
"url": "https://mantisbt.org/bugs/view.php?id=36502"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "MantisBT unauthorized disclosure of private project column configuration"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…