Mantis is reported prone to multiple information disclosure vulnerabilities. The following specific issues are reported: Users who are added to a project and then removed from it may still receive updates for bugs that they have set themselves to monitor. Additionally, a user may view stats of all projects even though the user is assigned to only a single project. An attacker may use information harvested by exploiting these vulnerabilities to aid in further attacks launched against a target network.
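Both reported issues come down to an access check that is not repeated when data is sent or displayed. The following is an added example, not Mantis code: a small Python model of the flawed and corrected patterns, plus an audit for stale monitor entries. The `Tracker` class, its fields, and the sample data are hypothetical, and every project is assumed to be private.

```python
from dataclasses import dataclass, field

@dataclass
class Tracker:
    members: dict = field(default_factory=dict)      # project -> users assigned now
    bug_project: dict = field(default_factory=dict)  # bug id -> project
    monitors: dict = field(default_factory=dict)     # bug id -> users monitoring

    def can_view(self, user, project):
        return user in self.members.get(project, set())

    def remove_member(self, user, project):
        # Removal alone leaves the user's monitor entries in place.
        self.members[project].discard(user)

    def recipients_unchecked(self, bug):
        # Flawed pattern: trusts the stored monitor list as-is.
        return set(self.monitors.get(bug, set()))

    def recipients_checked(self, bug):
        # Re-check current membership every time a notification is sent.
        project = self.bug_project[bug]
        return {u for u in self.monitors.get(bug, set()) if self.can_view(u, project)}

    def stale_monitors(self):
        # Audit: (user, bug) pairs whose user can no longer view the bug.
        return sorted((u, b) for b, users in self.monitors.items()
                      for u in users if not self.can_view(u, self.bug_project[b]))

    def stats_unscoped(self):
        # Flawed pattern: counts bugs in every project for any caller.
        counts = {}
        for project in self.bug_project.values():
            counts[project] = counts.get(project, 0) + 1
        return counts

    def stats_scoped(self, user):
        # Only projects the caller is currently assigned to.
        return {p: n for p, n in self.stats_unscoped().items() if self.can_view(user, p)}

def build_sample():
    # Constructed data: bob is removed from "alpha" but still monitors bug 1.
    t = Tracker(
        members={"alpha": {"alice", "bob"}, "beta": {"alice", "bob"}},
        bug_project={1: "alpha", 2: "alpha", 3: "beta"},
        monitors={1: {"alice", "bob"}, 3: {"bob"}},
    )
    t.remove_member("bob", "alpha")
    return t
```

Running `stale_monitors()` against real membership and monitor data after access changes identifies subscriptions that should be purged.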