MantisBT <2.25.8 Wiki Redirection ID enumeration leaking Private Project Names
CVE-2023-44394 Published on October 16, 2023
Disclosure of project names to unauthorized users in MantisBT
MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been included in release `2.25.8`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration ( `$g_wiki_enable = OFF;`).
Vulnerability Analysis
CVE-2023-44394 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2023-44394 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2023-44394
Want to know whenever a new CVE is published for MantisBT? stack.watch will email you.
Affected Versions
mantisbt Version < 2.25.8 is affected by CVE-2023-44394Vulnerable Packages
The following package name and versions may be associated with CVE-2023-44394
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| composer | mantisbt/mantisbt | <= 2.25.7 | 2.25.8 |
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.