Impact
Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs.
Patches
Patch under development. The vulnerability will be fixed in MantisBT version 2.25.8.
Workarounds
Disable wiki integration ( $g_wiki_enable = OFF;)
References
Impact
Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs.
Patches
Patch under development. The vulnerability will be fixed in MantisBT version 2.25.8.
Workarounds
Disable wiki integration (
$g_wiki_enable = OFF;)References