CVSS: 6.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug_change_status_page.php`) belonging to a project linking said custom field, viewing issues (`view_all_bug_page.php`) when the custom field is displayed as a column, or printing issues (`print_all_bug_page.php`) when the custom field is displayed as a column. Version 2.26.2 contains a patch for the issue. As a workaround, ensure Custom Field Names do not contain HTML tags.
• https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be
• https://github.com/mantisbt/mantisbt/security/advisories/GHSA-wgx7-jp56-65mq
• https://mantisbt.org/bugs/view.php?id=34432
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for the issue.
• https://github.com/mantisbt/mantisbt/commit/0a50562369d823689c9b946066d1e49d3c2df226
• https://github.com/mantisbt/mantisbt/pull/2000
• https://github.com/mantisbt/mantisbt/security/advisories/GHSA-99jc-wqmr-ff2q
• https://mantisbt.org/bugs/view.php?id=34434
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e. for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. A brute-force attack calling `account_update.php` with increasing user IDs is possible. A successful takeover would grant the attacker full access to the compromised account, including sensitive information and functionalities associated with the account, the extent of which depends on its privileges and the data it has access to.
• https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00
• https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm
• https://mantisbt.org/bugs/view.php?id=34433
• CWE-305: Authentication Bypass by Primary Weakness
• CWE-620: Unverified Password Change

CVSS: 8.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`.
• https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744
• https://github.com/mantisbt/mantisbt/security/advisories/GHSA-mcqj-7p29-9528
• https://mantisbt.org/bugs/view.php?id=19381
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names by accessing `wiki.php` with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been included in release `2.258`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration (`$g_wiki_enable = OFF;`).
• https://github.com/mantisbt/mantisbt/commit/65c44883f9d24f3ccef066fb523c93d8fdd7afc1
• https://github.com/mantisbt/mantisbt/security/advisories/GHSA-v642-mh27-8j6m
• https://mantisbt.org/bugs/view.php?id=32981
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-668: Exposure of Resource to Wrong Sphere