SCA: security update for mantisbt/mantisbt (GHSA-93x3-m7pw-ppqm)

high Tenable Cloud Security Plugin ID 413008

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the
registration and password reset process allows an attacker to reset another user's password and take over
their account, if the victim has an incomplete request pending. The exploit is only possible while the
verification token is valid, i.e. for 5 minutes after the confirmation URL sent by e-mail has been opened,
and the user did not complete the process by updating their password. A brute-force attack calling
account_update.php with increasing user IDs is possible. A successful takeover would grant the attacker
full access to the compromised account, including sensitive information and functionalities associated
with the account, the extent of which depends on its privileges and the data it has access to. Version
2.26.2 contains a patch for the issue. As a workaround, one may mitigate the risk by reducing the
verification token's validity (change the value of the `TOKEN_EXPIRY_AUTHENTICATED` constant in
`constants_inc.php`). (CVE-2024-34077)

See Also

https://github.com/advisories/GHSA-93x3-m7pw-ppqm

Plugin Details

Severity: High

ID: 413008

Version: Revision 1.5

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 6/1/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 2.8

Percentile: 22.59

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2024-34077

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/13/2024

Vulnerability Publication Date: 5/13/2024

Reference Information

CVE: CVE-2024-34077