CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62520 – MantisBT unauthorized disclosure of private project column configuration
https://notcve.org/view.php?id=CVE-2025-62520
04 Nov 2025 — Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manage_config_columns_page.php can use the Copy From action to retrieve the columns configuration from a private project they have no access to. This issue is fixed in version 2.27.2. • https://github.com/mantisbt/mantisbt/commit/4fe94f45fa2baea2aeb4b65781d2009e7b4a0bf3 • CWE-285: Improper Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-55155 – MantisBT: Authentication bypass for some passwords due to PHP type juggling
https://notcve.org/view.php?id=CVE-2025-55155
04 Nov 2025 — Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person's email address could lead to information disclosure. This issue is fixed in version 2.27.2. • https://github.com/mantisbt/mantisbt/commit/21e9fbedde8553c29c0d3156e84f78157fc4f22e • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-354: Improper Validation of Integrity Check Value •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47776 – MantisBT: Authentication bypass for some passwords due to PHP type juggling
https://notcve.org/view.php?id=CVE-2025-47776
04 Nov 2025 — Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instances using the MD5 login method allow an attacker who knows the victim's username and has access to an account with a password hash that evaluates to zero to log in without knowing the victim's actual password, ... • https://github.com/mantisbt/mantisbt/commit/966554a19cf1bdbcfbfb3004766979faa748f9a2 • CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46556 – MantisBT is Vulnerable to Denial-of-Service (DoS) attack via Excessive Note Length
https://notcve.org/view.php?id=CVE-2025-46556
04 Nov 2025 — Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters) due to a lack of server-side validation of note length. Once such a note is added, the activity stream UI fails to render; therefore, new notes cannot be displayed, effectively breaking all future collaboration on the issue. This issue is fixed in version 2.27.2. • https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45792 – MantisBT vulnerable to information disclosure with user profiles
https://notcve.org/view.php?id=CVE-2024-45792
30 Sep 2024 — Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4. • https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h5q3-fjp4-2x7r • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34081 – MantisBT Cross-site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2024-34081
13 May 2024 — MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug_change_status_page.php`) belonging to a project linking said custom field, viewing issues (`view_all_bug_page.php`) when the custom field is displayed as a column, or printing issues (`print_all_bug_page.php`) when the custom field is displayed as a column. Vers... • https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34080 – MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
https://notcve.org/view.php?id=CVE-2024-34080
13 May 2024 — MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for... • https://github.com/mantisbt/mantisbt/commit/0a50562369d823689c9b946066d1e49d3c2df226 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34077 – MantisBT user account takeover in the signup/reset password process
https://notcve.org/view.php?id=CVE-2024-34077
13 May 2024 — MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. A brute-force attack calling a... • https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00 • CWE-305: Authentication Bypass by Primary Weakness CWE-620: Unverified Password Change •
CVSS: 9.7EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23830 – MantisBT Host Header Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-23830
20 Feb 2024 — MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`. MantisBT es un rastreador de problemas de código abierto. • https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44394 – Disclosure of project names to unauthorized users in MantisBT
https://notcve.org/view.php?id=CVE-2023-44394
16 Oct 2023 — MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been included in release `2.258`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration ( `$g_wiki_enable = OFF;`). • https://github.com/mantisbt/mantisbt/commit/65c44883f9d24f3ccef066fb523c93d8fdd7afc1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •