Information Disclosure Vulnerability in Mantis Bug Tracker
CVE-2024-45792

6.5MEDIUM

Key Information:

Vendor: MantisBT
Status: Mantisbt
Vendor: CVE Published:; 30 September 2024

What is CVE-2024-45792?

Mantis Bug Tracker, an open source issue tracking software, has a vulnerability that allows unprivileged, registered users to exploit a crafted POST request to access personal system profiles of other users. This exposure could lead to unauthorized disclosure of sensitive information within the application. The issue has been rectified in version 2.26.4.

References

https://github.com/mantisbt/mantisbt/security/advisories/...

https://github.com/mantisbt/mantisbt/commit/ef0f820284032...

https://mantisbt.org/bugs/view.php?id=34640

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2024

MantisBT

What is CVE-2024-45792?

References

CVSS V3.1

Timeline