CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45792 – MantisBT vulnerable to information disclosure with user profiles
https://notcve.org/view.php?id=CVE-2024-45792
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4. • https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h5q3-fjp4-2x7r https://github.com/mantisbt/mantisbt/commit/ef0f820284032350cc20a39ff9cb2010d5463b41 https://mantisbt.org/bugs/view.php?id=34640 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34081 – MantisBT Cross-site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2024-34081
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug_change_status_page.php`) belonging to a project linking said custom field, viewing issues (`view_all_bug_page.php`) when the custom field is displayed as a column, or printing issues (`print_all_bug_page.php`) when the custom field is displayed as a column. Version 2.26.2 contains a patch for the issue. As a workaround, ensure Custom Field Names do not contain HTML tags. MantisBT (Mantis Bug Tracker) es un rastreador de problemas de código abierto. • https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be https://github.com/mantisbt/mantisbt/security/advisories/GHSA-wgx7-jp56-65mq https://mantisbt.org/bugs/view.php?id=34432 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34080 – MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
https://notcve.org/view.php?id=CVE-2024-34080
MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for the issue. • https://github.com/mantisbt/mantisbt/commit/0a50562369d823689c9b946066d1e49d3c2df226 https://github.com/mantisbt/mantisbt/pull/2000 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-99jc-wqmr-ff2q https://mantisbt.org/bugs/view.php?id=34434 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34077 – MantisBT user account takeover in the signup/reset password process
https://notcve.org/view.php?id=CVE-2024-34077
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. A brute-force attack calling account_update.php with increasing user IDs is possible. A successful takeover would grant the attacker full access to the compromised account, including sensitive information and functionalities associated with the account, the extent of which depends on its privileges and the data it has access to. • https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm https://mantisbt.org/bugs/view.php?id=34433 • CWE-305: Authentication Bypass by Primary Weakness CWE-620: Unverified Password Change •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23830 – MantisBT Host Header Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-23830
MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`. MantisBT es un rastreador de problemas de código abierto. • https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-mcqj-7p29-9528 https://mantisbt.org/bugs/view.php?id=19381 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •