CVE-2024-45792
Oct. 4, 2024, 1:51 p.m.
Tags
Product(s) Impacted
Mantis Bug Tracker
- 2.26.4
Description
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4.
Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE ID: 200Date
Published: Sept. 30, 2024, 3:15 p.m.
Last Modified: Oct. 4, 2024, 1:51 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security-advisories@github.com
References
https://github.com/
security-advisories@github.com
https://github.com/
security-advisories@github.com
https://mantisbt.org/
security-advisories@github.com