📦 MantisBT
by MantisBT
⚠️ Known Vulnerabilities
MantisBT versions before 2.26.2 have an insufficient access control vulnerability in the registration and password reset process. An attacker can reset another user's password and take over their acco...
CVE-2024-23830 is an account hijack vulnerability in MantisBT where an unauthenticated attacker can take over user accounts by poisoning password reset links. This affects all MantisBT instances prior...
Mantis Bug Tracker versions 2.27.1 and below are vulnerable to a denial-of-service attack where attackers can submit extremely long notes (over 4.7 million characters) that permanently corrupt issue a...
An information disclosure vulnerability in Mantis Bug Tracker allows unprivileged registered users to retrieve other users' personal system profile information via crafted POST requests. This affects ...
MantisBT versions before 2.26.2 have an information disclosure vulnerability where users can see metadata about notes they shouldn't have access to. When an issue references a note from another restri...