Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentGitHub_MVULNRICHMENT:CVE-2023-44394
HistoryOct 16, 2023 - 9:00 p.m.

CVE-2023-44394 Disclosure of project names to unauthorized users in MantisBT

2023-10-1621:00:46
CWE-200
GitHub_M
github.com
2
mantisbt
bug tracker
insufficient access-level checks
wiki redirection
private projects
commit 65c44883f
release 2.258
upgrade
wiki integration
disable

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

24.5%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects’ names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit 65c44883f which has been included in release 2.258. Users are advised to upgrade. Users unable to upgrade should disable wiki integration ( $g_wiki_enable = OFF;).

Related

prion 1
cvelist 1
github 1
osv 2
openvas 2
veracode 1
cve 1
nvd 1
freebsd 1
nessus 1
prion
prion
Design/Logic Flaw
2023-10-16 22:15:00
cvelist
cvelist
CVE-2023-44394 Disclosure of project names to unauthorized users in MantisBT
2023-10-16 21:00:46
github
github
MantisBT may disclose project names to unauthorized users
2023-10-17 14:20:36
osv
osv
MantisBT may disclose project names to unauthorized users
2023-10-17 14:20:36
CVE-2023-44394
2023-10-16 22:15:12
openvas
openvas
MantisBT < 2.25.8 Information Disclosure Vulnerability - Linux
2023-11-29 00:00:00
MantisBT < 2.25.8 Information Disclosure Vulnerability - Windows
2023-11-29 00:00:00
veracode
veracode
Information Disclosure
2023-10-18 06:19:54
cve
cve
CVE-2023-44394
2023-10-16 22:15:12
nvd
nvd
CVE-2023-44394
2023-10-16 22:15:12
freebsd
freebsd
mantis -- multiple vulnerabilities
2023-10-14 00:00:00
nessus
nessus
FreeBSD : mantis -- multiple vulnerabilities (1f0d0024-ac9c-11ee-8e91-1c697a013f4b)
2024-01-10 00:00:00

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

24.5%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2023-44394
prion1cvelist1github1osv2openvas2veracode1cve1nvd1freebsd1nessus1