MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download URL.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mantisbt | Mantisbt | 1.2.17 (including) | 1.2.17 (including) |
| Mantis | Ubuntu | lucid | * |
| Mantis | Ubuntu | precise | * |
| Mantis | Ubuntu | upstream | * |