SCA: security update for mantisbt/mantisbt (GHSA-q747-c74m-69pr)

medium Tenable Self-Hosted Container Security Plugin ID 435918

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user
edits their profile to change their e-mail address, the system saves it without validating that it
actually belongs to the user. This could result in storing an invalid email address, preventing the user
from receiving system notifications. Notifications sent to another person's email address could lead to
information disclosure. This issue is fixed in version 2.27.2. (CVE-2025-55155)

See Also

https://github.com/advisories/GHSA-q747-c74m-69pr

Plugin Details

Severity: Medium

ID: 435918

Version: Revision 1.10

Type: Local

Family: SCA Checks

Published: 11/4/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 2.1

Percentile: 7.66

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS Score Source: CVE-2025-55155

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/3/2025

Vulnerability Publication Date: 11/3/2025

Reference Information

CVE: CVE-2025-55155