Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.9 views

CVE-2026-34579

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS5.4AI score0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 11:16 p.m.20 views

CVE-2026-34579

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS0.00363EPSS
Exploits0References3
OSV
OSV
added 2026/05/19 10:6 p.m.3 views

CVE-2026-34579 MantisBT has an authorization bypass via private issue monitoring

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS5.9AI score0.00363EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/19 10:6 p.m.36 views

CVE-2026-34579 MantisBT has an authorization bypass via private issue monitoring

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS0.00363EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/19 10:6 p.m.9 views

CVE-2026-34579 MantisBT has an authorization bypass via private issue monitoring

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/19 10:6 p.m.16 views

EUVD-2026-30996

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Mantis Bug Tracker 信息泄露漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier contained a vulnerability related to information leakage. This vulnerability occurred due to the use of a custom POST request through the private issue...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.10 views

MantisBT 2.26.1 < 2.28.2 Private Issue Monitoring Authorization Bypass (GHSA-ggw7-9675-6v4v)

The version of MantisBT installed on the remote host is 2.26.1 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT has an authorization bypass in private issue monitoring. CVE-2026-34579 Note that Nessus has not tested for this issue but has instead relied only...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/11 7:32 p.m.11 views

MantisBT has an authorization bypass in private issue monitoring

Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a private issue they do not have access to. Despite displaying an Access Denied error, the application accepts the request and creates a monitor relationship for the private...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References5Affected Software1
Circl
Circl
added 2024/11/15 3:53 p.m.6 views

CVE-2022-20845

creationtimestamp| type| source ---|---|--- 2024-11-15 15:53:31+00:00| seen| https://infosec.exchange/users/cve/statuses/113487774412820978...

6CVSS6.9AI score0.00175EPSS
Exploits0References1
CNVD
CNVD
added 2015/01/05 12:0 a.m.7 views

MantisBT Information Disclosure Vulnerability

MantisBT is a popular web-based bug tracking system. Versions prior to MantisBT 1.2.18 failed to properly check permissions when monitoring an issue related to another issue sending an email, allowing remote authenticated users to access sensitive information about restricted issues...

3.5CVSS6.5AI score0.00962EPSS
Exploits0References1
Rows per page
Query Builder