Описание
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person's email address could lead to information disclosure. This issue is fixed in version 2.27.2.
Ссылки
- Patch
- Issue TrackingVendor Advisory
- ExploitIssue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.27.2 (исключая)
cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*
EPSS
Процентиль: 5%
0.0002
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-201
Связанные уязвимости
CVSS3: 5.4
debian
3 месяца назад
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In vers ...
CVSS3: 5.4
github
3 месяца назад
MantisBT lacks verification when changing a user's email address
EPSS
Процентиль: 5%
0.0002
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-201