7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
mantisbt/mantisbt is vulnerable to Account Takeover. The vulnerability is due to insufficient validation of the confirmation hash and token expiration during the password reset process, allowing an attacker to reset another user’s password and take over their account.
CPE | Name | Operator | Version |
---|---|---|---|
mantisbt/mantisbt | le | 2.26.1 | |
mantisbt/mantisbt | le | 2.26.1 |
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%