Information Disclosure Vulnerability in Mantis Bug Tracker
CVE-2024-45792

Currently unrated

Key Information:

Vendor: MantisBT
Vendor: CVE Published:; 30 September 2024

What is CVE-2024-45792?

Mantis Bug Tracker, an open source issue tracking software, has a vulnerability that allows unprivileged, registered users to exploit a crafted POST request to access personal system profiles of other users. This exposure could lead to unauthorized disclosure of sensitive information within the application. The issue has been rectified in version 2.26.4.

References

https://github.com/mantisbt/mantisbt/security/advisories/...

https://github.com/mantisbt/mantisbt/commit/ef0f820284032...

https://mantisbt.org/bugs/view.php?id=34640

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2024

MantisBT

What is CVE-2024-45792?

References

Timeline