View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0020109 | mantisbt | security | public | 2015-09-14 03:26 | 2016-04-04 11:07 |
Reporter | dregad | Assigned To | dregad | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | duplicate | ||
Product Version | 1.2.19 | ||||
Target Version | 1.3.0-beta.3 | Fixed in Version | 1.3.0-beta.3 | ||
Summary | 0020109: CVE-2015-5059: documentation in private projects can be seen by every user | ||||
Description | This is a clone of 0019873 to track the vulnerability in the 1.3.x branch | ||||
Tags | No tags attached. | ||||
MantisBT: master a4be76d6 2015-06-24 04:52

Change default threshold to view project doc to VIEWER

Previously it was ANYBODY, which would let any user download files from any project including private ones, even when they are not part of the team.

Fixes 0019873

Affected Issues: 0019873, 0020109

mod - config_defaults_inc.php