Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-34080

MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for the issue. No known workarounds are available.

Published

2024-05-14T15:38:29.703

Last Modified

2025-01-16T16:44:40.283

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mantisbt	mantisbt	< 2.26.2	Yes

References

https://github.com/mantisbt/mantisbt/commit/0a50562369d823689c9b946066d1e49d3c2df226 Patch ([email protected])
https://github.com/mantisbt/mantisbt/pull/2000 Patch ([email protected])
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-99jc-wqmr-ff2q Vendor Advisory ([email protected])
https://mantisbt.org/bugs/view.php?id=34434 Issue Tracking, Patch, Vendor Advisory ([email protected])
https://github.com/mantisbt/mantisbt/commit/0a50562369d823689c9b946066d1e49d3c2df226 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/mantisbt/mantisbt/pull/2000 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-99jc-wqmr-ff2q Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://mantisbt.org/bugs/view.php?id=34434 Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)