GitHub_MVULNRICHMENT:CVE-2024-34080CVE-2024-34080 MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn’t have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for the issue. No known workarounds are available.
CNA Affected
[
{
"vendor": "mantisbt",
"product": "mantisbt",
"versions": [
{
"version": "< 2.26.2",
"status": "affected"
}
]
}
]Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%