Security Advisory

CVE-2024-23830

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-20 21:44:27

Last updated 2024-08-01 23:13:08

Assigner GitHub_M

State PUBLISHED

Description

MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a users email address and username can hijack the users account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`.

← Browse all CVEs View on cve.org ↗