CVE Tools
Sign in

CVE-2024-34077

MantisBT user account takeover in the signup/reset password process

Published: May 13, 2024Updated: Jan 16, 2025 Sources: CVE List NVD GHSACWE-305
NVD MITRE
7.3CVSSHIGH
EPSS Score
1.2%
Top 36.2%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. A brute-force attack calling account_update.php with increasing user IDs is possible. A successful takeover would grant the attacker full access to the compromised account, including sensitive information and functionalities associated with the account, the extent of which depends on its privileges and the data it has access to. Version 2.26.2 contains a patch for the issue. As a workaround, one may mitigate the risk by reducing the verification token's validity (change the value of the `TOKEN_EXPIRY_AUTHENTICATED` constant in `constants_inc.php`).

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:LI:LA:L
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:LConfidentiality
Low
I:LIntegrity
Low
A:LAvailability
Low
Open in CVSS calculator →

Weaknesses

CWE-305CWE-620NVD-CWE-Other

Affected Products

mantisbtmantisbt
On-premWeb App
Enterprise Software / itsm-monitoring
mantisbt/mantisbtPackagistOSS Libraries
mantisbtoss-projectEnterprise Softwareaka mantis bt
packagistpackage-ecosystemOSS Libraries

Exploitability

Official Patch Available
Workaround Available

References

https://github.com/mantisbt/mantisbt/commit/92d11a01b195a1b6717a2f205218089158ea6d00
github.com
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm
github.com
https://mantisbt.org/bugs/view.php?id=34433
mantisbt.org
and 2 more references View all →

Timeline

Published
May 13, 2024
Last Updated
Jan 16, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2024-34077 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows