Unknown · Mantis Bug Tracker · CVE-2024-45792
Name of the Vulnerable Software and Affected Versions:
Mantis Bug Tracker (MantisBT) versions prior to 2.26.4
Description:
The issue allows an unprivileged, registered user to retrieve information about other users' personal system profiles using a crafted POST request. This can lead to the disclosure of private system profiles, including platform, OS, OS version, and description.
Recommendations:
For versions prior to 2.26.4, update to version 2.26.4 to resolve the issue.
At the moment, there is no information about other workarounds for this vulnerability.