View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0027101 | mantisbt | security | public | 2020-07-22 09:45 | 2020-08-15 10:44 |
Reporter | Nolan | Assigned To | atrol | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | no change required | ||
Platform | all | OS | all | OS Version | all |
Product Version | 2.0.0-beta.1 | ||||
Summary | 0027101: mantisbt<=1.1.6 Arbitrary file reading vulnerability exists | ||||
Description | I found an arbitrary file reading vulnerability with mantisbt<=1.1.6. I want to show you how to exploit the vulnerability, and then you can apply for a CVE number for me. Is this okay? | ||||
Steps To Reproduce | * | ||||
Additional Information | If successful, this is my first CVE number. I hope you guys will help me. Thank you | ||||
Tags | No tags attached. | ||||
Thanks for your report. Unfortunately, Mantis 1.1 and 1.2 are obsolete and no longer supported. If the vulnerability you discovered can still be reproduced in current releases (1.3.20 or 2.24.0), we would gladly consider fixing it. In that case, please post details including detailed steps to reproduce.

When trying, use latest 2.24.1 as there are attachment related security fixes in it, see 0026631 and related ones.

@Nolan, you have not responded to my previous note. If you can't confirm that the issue you reported can be reproduced in current release, I'll close this as "no change required".

Solved it, thank you