CVE-2024-45792

6.5 MEDIUM

📋 TL;DR

An information disclosure vulnerability in Mantis Bug Tracker allows unprivileged registered users to retrieve other users' personal system profile information via crafted POST requests. This affects all MantisBT instances with versions before 2.26.4 that have user registration enabled.

💻 Affected Systems

Products:
  • Mantis Bug Tracker
Versions: All versions before 2.26.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user registration to be enabled and at least one registered user account.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could harvest sensitive personal information from all user profiles, potentially enabling targeted social engineering, credential stuffing, or identity theft attacks.

🟠

Likely Case

Unauthorized access to user profile data including system information, preferences, and potentially contact details, leading to privacy violations.

🟢

If Mitigated

Limited exposure with proper access controls and monitoring, though some profile information may still be accessible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires registered user access and involves crafting specific POST requests to vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.26.4

Vendor Advisory: https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h5q3-fjp4-2x7r

Restart Required: No

Instructions:

1. Backup your MantisBT installation and database.
2. Download MantisBT 2.26.4 from mantisbt.org.
3. Replace existing files with the new version.
4. Run admin/check.php to verify the installation.

🔧 Temporary Workarounds

Disable User Registration

all

Temporarily disable new user registration to prevent unauthorized access.

Set $g_allow_signup = OFF; in config_inc.php

Restrict Profile Access

all

Modify access controls to limit profile viewing permissions.

Adjust $g_view_profiles_threshold in config_inc.php to higher access level

🧯 If You Can't Patch

  • Implement network segmentation to isolate MantisBT from sensitive systems
  • Enable detailed logging and monitoring for suspicious profile access patterns

🔍 How to Verify

Check if Vulnerable:

Check MantisBT version in admin/check.php or config_defaults_inc.php for version string

Check Version:

grep -r "\$g_mantis_version" config_defaults_inc.php

Verify Fix Applied:

Verify version is 2.26.4 or later and test profile access with low-privilege user accounts

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to profile.php or similar endpoints from single user
  • Unusual pattern of profile view events

Network Indicators:

  • HTTP POST requests with crafted parameters to user profile endpoints

SIEM Query:

source="mantisbt.log" AND (uri_path="/profile.php" OR uri_path="/user_profile_page.php") AND http_method="POST" AND NOT user_agent="*bot*" | stats count by src_ip
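An added example, not from this card or the MantisBT project: a Python script that applies the log indicators above to constructed access-log lines, flagging any account that issues more than a threshold of POSTs to the profile endpoints within a sliding one-minute window. The endpoint paths are the ones named above; the combined-log format, field positions and sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Endpoints named in the log indicators above (taken from the card, not verified).
PROFILE_ENDPOINTS = {"/profile.php", "/user_profile_page.php"}

# Assumed combined log format; the third field is the authenticated user or "-".
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]          # drop the query string
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_bursts(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {actor: first time the actor exceeded `threshold` profile POSTs
    inside any sliding `window`}. Actor is the username, or the IP if absent."""
    recent = defaultdict(deque)   # actor -> timestamps of recent profile POSTs
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] not in PROFILE_ENDPOINTS:
            continue
        actor = rec["user"] if rec["user"] != "-" else rec["ip"]
        q = recent[actor]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:       # evict entries outside the window
            q.popleft()
        if len(q) > threshold and actor not in flagged:
            flagged[actor] = rec["ts"]
    return flagged

# Constructed sample: one normal GET, one POST by bob, seven rapid POSTs by mallory.
SAMPLE_LOG = [
    '198.51.100.7 - alice [12/Sep/2024:10:00:00 +0000] "GET /profile.php HTTP/1.1" 200 4210',
    '198.51.100.8 - bob [12/Sep/2024:10:00:01 +0000] "POST /profile.php HTTP/1.1" 200 512',
] + [
    f'203.0.113.5 - mallory [12/Sep/2024:10:00:{5 + 5 * i:02d} +0000] '
    f'"POST /user_profile_page.php?user_id={i + 2} HTTP/1.1" 200 512'
    for i in range(7)
]

if __name__ == "__main__":
    for actor, when in find_bursts(SAMPLE_LOG).items():
        print(f"burst of profile POSTs by {actor} at {when.isoformat()}")
```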

🔗 References
