CVE-2024-45792

Name of the Vulnerable Software and Affected Versions: Mantis Bug Tracker (MantisBT) versions prior to 2.26.4

Description: The issue allows an unprivileged, registered user to retrieve information about other users' personal system profiles using a crafted POST request. This can lead to the disclosure of private system profiles, including platform, OS, OS version, and description.

Recommendations: For versions prior to 2.26.4, update to version 2.26.4 to resolve the issue. At the moment, there is no information about other workarounds for this vulnerability.