PT-2018-17614 · Mantisbt · Mantisbt
Foolandtom · Published 2018-02-02 · Updated 2018-04-08 · CVE-2018-6526
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
MantisBT version 2.10.0-development before 2018-02-02
Description
The issue allows remote attackers to discover the full path via an invalid filter parameter. This is related to a filter_ensure_valid_filter call in current_user_api.php. The /view_all_bug_page.php endpoint is affected.
Recommendations
For MantisBT version 2.10.0-development before 2018-02-02, update to a version released after 2018-02-02 to resolve the issue. As a temporary workaround, consider restricting access to the /view_all_bug_page.php endpoint until a patch is available. Avoid using invalid filter parameters in the affected endpoint until the issue is resolved.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Mantisbt