GitHub_MVULNRICHMENT:CVE-2024-23830CVE-2024-23830 MantisBT Host Header Injection vulnerability
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
AI Score
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user’s email address and username can hijack the user’s account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define $g_path as appropriate in config_inc.php.
CNA Affected
[
{
"vendor": "mantisbt",
"product": "mantisbt",
"versions": [
{
"status": "affected",
"version": "< 2.26.1"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
AI Score
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial