Mantis 1.2.19 vulnerability

Posted: 17 Feb 2015, 22:54
by plmaltais
Hi,

I found a vulnerability in the current stable release of MantisBT (1.2.19). Using this vulnerability, an unauthenticated user can hijack another user account. Please provide an email address where I can send the vulnerability information. I will release the technical details of the attack on my blog 90 days after this post.

Thank you,

Pier-Luc Maltais

Re: Mantis 1.2.19 vulnerability

Posted: 18 Feb 2015, 07:08
by atrol

Re: Mantis 1.2.19 vulnerability

Posted: 19 Feb 2015, 23:43
by Rez
Mr. Pier-Luc Maltais, wouldn't it be better if you shared your vulnerability information here?
Thanks

Re: Mantis 1.2.19 vulnerability

Posted: 20 Feb 2015, 07:06
by atrol
Rez wrote: Wouldn't it be better if you shared your vulnerability information here?
Why? Is there any advantage for MantisBT users?

Re: Mantis 1.2.19 vulnerability

Posted: 21 Feb 2015, 22:33
by Rez
Well, not sure, just want to see the things :)

Re: Mantis 1.2.19 vulnerability

Posted: 22 Feb 2015, 16:03
by atrol
Rez wrote: Just want to see the things :)
Also attackers.
Still no advantage for MantisBT users ;-)

Re: Mantis 1.2.19 vulnerability

Posted: 22 Feb 2015, 23:39
by Rez
:D

Re: Mantis 1.2.19 vulnerability

Posted: 27 Feb 2015, 06:42
by atrol
Rez wrote: Just want to see the things
You can now: https://www.mantisbt.org/bugs/view.php?id=19384