4.3
CVE-2026-34754
- EPSS 0.25%
- Veröffentlicht 19.05.2026 23:05:27
- Zuletzt bearbeitet 20.05.2026 14:06:33
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
MantisBT allows unauthorized users to upload attachments to restricted issues via REST API
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellermantisbt
≫
Produkt
mantisbt
Version
< 2.28.2
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.157 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-h4x5-gvx6-3rwc
https://github.com/mantisbt/mantisbt/commit/b262b4d2835b81394d75356dead66e52a6275206
https://mantisbt.org/bugs/view.php?id=36976