Vulnerability CVE-2017-7615


Published: 2017-04-16

Description:
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.

See advisories in our WLB2 database:

Risk: High
Topic: Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset
Author: hyp3rlinx
Date: 16.04.2017

Risk: High
Topic: Mantis Bug Tracker 2.3.0 Remote Code Execution
Author: Nikolas Geiselma...
Date: 19.09.2020

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial
Affected software: Mantisbt -> Mantisbt

References:
http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt
http://www.openwall.com/lists/oss-security/2017/04/16/2
http://www.securityfocus.com/bid/97707
https://mantisbt.org/bugs/view.php?id=22690

Copyright 2024, cxsecurity.com
