FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
2dc8927b-54e0-11eb-9342-1c697a013f4b | mantis -- multiple vulnerabilities
Mantis 2.24.4 release reports:
Security and maintenance release, addressing 6 CVEs:
- 0027726: CVE-2020-29603: disclosure of private project name
- 0027727: CVE-2020-29605: disclosure of private issue summary
- 0027728: CVE-2020-29604: full disclosure of private issue contents, including bugnotes and attachments
- 0027361: Private category can be accessed/used by a non member of a private project (IDOR)
- 0027779: CVE-2020-35571: XSS in helper_ensure_confirmed() calls
- 0026794: User Account - Takeover
- 0027363: Fixed in version can be changed to a version that doesn't exist
- 0027350: When updating an issue, a Viewer user can be set as Reporter
- 0027370: CVE-2020-35849: Revisions allow viewing private bugnotes id and summary
- 0027495: CVE-2020-28413: SQL injection in the parameter "access" on the mc_project_get_users function through the API SOAP.
- 0027444: Printing unsanitized user input in install.php
Discovery: 2020-11-10
Entry: 2021-03-10
Affected packages: mantis-php72, mantis-php73, mantis-php74, mantis-php80 (versions < 2.24.4,1)
CVE-2020-28413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28413
CVE-2020-35849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35849