CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45792 – MantisBT vulnerable to information disclosure with user profiles
https://notcve.org/view.php?id=CVE-2024-45792
30 Sep 2024 — Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4. • https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h5q3-fjp4-2x7r • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34081 – MantisBT Cross-site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2024-34081
13 May 2024 — MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug_change_status_page.php`) belonging to a project linking said custom field, viewing issues (`view_all_bug_page.php`) when the custom field is displayed as a column, or printing issues (`print_all_bug_page.php`) when the custom field is displayed as a column. Vers... • https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34080 – MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
https://notcve.org/view.php?id=CVE-2024-34080
13 May 2024 — MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for... • https://github.com/mantisbt/mantisbt/commit/0a50562369d823689c9b946066d1e49d3c2df226 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34077 – MantisBT user account takeover in the signup/reset password process
https://notcve.org/view.php?id=CVE-2024-34077
13 May 2024 — MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. A brute-force attack calling a... • https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00 • CWE-305: Authentication Bypass by Primary Weakness CWE-620: Unverified Password Change •
CVSS: 9.7EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23830 – MantisBT Host Header Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-23830
20 Feb 2024 — MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`. MantisBT es un rastreador de problemas de código abierto. • https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49802 – MantisBT LinkedCustomFields Cross-site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2023-49802
11 Dec 2023 — The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked via the plugin and displayed when reporting a new Issue or editing an existing one. This issue is fixed in version 2.0.1. As a workaround, one may utilize MantisBT's default Content Security Policy, which blocks script execution. El... • https://github.com/mantisbt-plugins/LinkedCustomFields/commit/30e5ae751e40d7ae18bfd794fd48671477b3d286 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44394 – Disclosure of project names to unauthorized users in MantisBT
https://notcve.org/view.php?id=CVE-2023-44394
16 Oct 2023 — MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been included in release `2.258`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration ( `$g_wiki_enable = OFF;`). • https://github.com/mantisbt/mantisbt/commit/65c44883f9d24f3ccef066fb523c93d8fdd7afc1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22476 – MantisBT: Exposure of Private issues' summary to unauthorized users
https://notcve.org/view.php?id=CVE-2023-22476
23 Feb 2023 — Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds. • https://github.com/mantisbt/mantisbt/security/advisories/GHSA-hf4x-6h87-hm79 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2022-33910
https://notcve.org/view.php?id=CVE-2022-33910
24 Jun 2022 — An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute. Una vulnerabilidad de tipo XSS en MantisBT versiones anteriores a 2.25.5, permite a atacantes remotos adjuntar documentos SVG diseñados para emitir informes o notas de error. Cuando un usuario o... • https://mantisbt.org/blog/archives/mantisbt/719 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 2CVE-2022-28508
https://notcve.org/view.php?id=CVE-2022-28508
04 May 2022 — An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. Se ha detectado un problema de tipo XSS en el archivo browser_search_plugin.php en MantisBT versiones anteriores a 2.25.2. La salida sin esconder del parámetro return permite a un atacante inyectar código en un campo de entrada oculto • https://github.com/YavuzSahbaz/CVE-2022-28508 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •