Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2026-33052

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS5.3AI score0.0034EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 12:29 a.m.14 views

EUVD-2026-30820

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS5.7AI score0.0034EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:29 a.m.7 views

CVE-2026-33052

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS5.7AI score0.0034EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 12:29 a.m.9 views

CVE-2026-33052 MantisBT: Authorization Bypass in Global Profile Creation

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS5.7AI score0.0034EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/19 12:29 a.m.43 views

CVE-2026-33052 MantisBT: Authorization Bypass in Global Profile Creation

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS0.0034EPSS
Exploits0References3
CVE
CVE
added 2026/05/19 12:29 a.m.19 views

CVE-2026-33052

MantisBT (MantisBT) versions 2.28.0 and 2.28.1 permit a low-privileged authenticated user with add_profile_threshold to create a global profile by tampering with the user_id in a profile-creation request, enabling an authorization bypass. The issue is fixed in version 2.28.2. Affected component: ...

5.3CVSS5.7AI score0.0034EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.14 views

PT-2026-39873

Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions 2.28.0 through 2.28.1 Description A low-privileged authenticated user with the add profile threshold permission can create a global profile even without the manage global profile threshold permission. This ...

5.3CVSS5.8AI score0.0034EPSS
Exploits0References7
Rows per page
Query Builder