8 matches found
CVE-2026-34579
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...
CVE-2026-34579
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...
EUVD-2026-30996
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...
CVE-2026-34579 MantisBT has an authorization bypass via private issue monitoring
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...
CVE-2026-34579 MantisBT has an authorization bypass via private issue monitoring
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...
Mantis Bug Tracker 信息泄露漏洞
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier contained a vulnerability related to information leakage. This vulnerability occurred due to the use of a custom POST request through the private issue...
MantisBT 2.26.1 < 2.28.2 Private Issue Monitoring Authorization Bypass (GHSA-ggw7-9675-6v4v)
The version of MantisBT installed on the remote host is 2.26.1 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT has an authorization bypass in private issue monitoring. CVE-2026-34579 Note that Nessus has not tested for this issue but has instead relied only...
MantisBT has an authorization bypass in private issue monitoring
Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a private issue they do not have access to. Despite displaying an Access Denied error, the application accepts the request and creates a monitor relationship for the private...