2 matches found
MantisBT < 2.24.5 Session Hijacking Vulnerability - Linux
MantisBT is prone to a session hijacking vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...
CVE-2009-20001
CVE-2009-20001 affects MantisBT prior to 2.24.5. The issue is that a unique cookie string assigned per user is not reset on logout, so a stolen/compromised cookie may keep the session valid and allow an attacker to log in as the victim. The description and connected records consistently state thi...