MantisBT: master b2da7352
|dregad||dregad||master||2020-12-06 18:43:41||master 9322c8c9|
|Affected Issues||0027357: Attacker can leak private information via different functionality|
|0027728: CVE-2020-29604: Full disclosure of private issue contents, including bugnotes and attachments|
Prevent full private issue disclosure
Missing access check in bug_actiongroup.php allows an attacker with
Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for reporting the issue.
|mod - bug_actiongroup.php||Diff File|