MantisBT CVE-2017-7615 Security Bypass Vulnerability



MantisBT is prone to a security-bypass vulnerability.

An attacker can leverage this issue to bypass security restrictions and gain unauthorized to the system. This may aid in further attacks.

Information

Bugtraq ID: 97707
Class: Design Error
CVE: CVE-2017-7615

Remote: Yes
Local: No
Published: Apr 16 2017 12:00AM
Updated: Apr 16 2017 12:00AM
Credit: hyp3rlinx
Vulnerable: Mantisbt Mantisbt 2.3
Mantisbt Mantisbt 2.2.3
Mantisbt Mantisbt 2.2.2
Mantisbt Mantisbt 2.2.1
Mantisbt Mantisbt 2.2
Mantisbt Mantisbt 2.1.3
Mantisbt Mantisbt 2.1.2
Mantisbt Mantisbt 2.1.1
Mantisbt Mantisbt 2.1
Mantisbt Mantisbt 1.3.9
Mantisbt Mantisbt 1.3.8
Mantisbt Mantisbt 1.3.7
Mantisbt Mantisbt 1.3.6
Mantisbt Mantisbt 1.3.1
Mantisbt Mantisbt 1.3
Mantisbt Mantisbt 1.2.20
Mantisbt Mantisbt 1.2.19
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.0


Not Vulnerable:

Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.


Related Posts

Comments