MantisBT is prone to a security-bypass vulnerability.
An attacker can leverage this issue to bypass security restrictions and gain unauthorized to the system. This may aid in further attacks.
Information
Mantisbt Mantisbt 2.2.3
Mantisbt Mantisbt 2.2.2
Mantisbt Mantisbt 2.2.1
Mantisbt Mantisbt 2.2
Mantisbt Mantisbt 2.1.3
Mantisbt Mantisbt 2.1.2
Mantisbt Mantisbt 2.1.1
Mantisbt Mantisbt 2.1
Mantisbt Mantisbt 1.3.9
Mantisbt Mantisbt 1.3.8
Mantisbt Mantisbt 1.3.7
Mantisbt Mantisbt 1.3.6
Mantisbt Mantisbt 1.3.1
Mantisbt Mantisbt 1.3
Mantisbt Mantisbt 1.2.20
Mantisbt Mantisbt 1.2.19
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.0
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- MantisBT Homepage (MantisBT)
- 0022690: CVE-2017-7615: Account verification page allows resetting any user's pa (mantisbt)
- Pre-Auth Remote Password Reset (hyp3rlinx)