CNNVD-202511-121 Information
CNNVD ID
CNNVD-202511-121
Related CVE
- CNNVD Published: 2025-11-04
Description (Chinese)
MantisBT是MantisBT团队的一套基于Web的开源缺陷跟踪系统。该系统以Web操作的形式提供项目管理及缺陷跟踪服务。 MantisBT 2.27.1及之前版本存在安全漏洞,该漏洞源于更改电子邮件地址时未验证所有权,可能导致信息泄露。
Description (English)
MantisBT is a Web-based open-source deficiency tracking system for the MantisBT team. The system provides project management and deficiency tracking services in the form of Web operations. MantisBT 2.27.1 and previous versions had a security loophole, which arose from the failure to verify ownership when changing e-mail addresses, which could lead to the disclosure of information.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
MantisBT
Published
2025-11-04
Last Modified
2026-02-24
References
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-q747-c74m-69pr https://mantisbt.org/bugs/view.php?id=36005 https://github.com/mantisbt/mantisbt/commit/21e9fbedde8553c29c0d3156e84f78157fc4f22e https://access.redhat.com/security/cve/cve-2025-55155
Patch
https://github.com/mantisbt/mantisbt/tags
Share on: