PT-2023-29229 · Mantisbt · Mantisbt

Pr_Cso · Published 2023-10-16 · Updated 2023-10-23 · CVE-2023-44394

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.25.8
Description: MantisBT is an open source bug tracker. Due to insufficient access-level checks on the wiki redirection page, any user can reveal the names of private projects by accessing wiki.php with sequentially incremented IDs.
Recommendations: For versions prior to 2.25.8, upgrade to version 2.25.8 or later. Users unable to upgrade should disable wiki integration by setting $g_wiki_enable = OFF;.

Weakness Enumeration: Exposure of Resource to Wrong Sphere; Information Disclosure

Related Identifiers: CVE-2023-44394; GHSA-V642-MH27-8J6M

Affected Products: Mantisbt