CNNVD-202511-128 Information
CNNVD ID
CNNVD-202511-128
Related CVE
-
CNNVD Published: 2025-11-04
Description
MantisBT is a web-based open-source defect tracking system developed by the MantisBT team. It provides project management and defect tracking services through a web interface. MantisBT 2.27.1 and earlier versions contain a security vulnerability that stems from the use of loose rather than strict comparison in the authentication code, which may allow an attacker to bypass authentication using specific MD5 hash values.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
MantisBT
Published
2025-11-04
Last Modified
2026-02-24
References
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-4v8w-gg5j-ph37
https://github.com/mantisbt/mantisbt/commit/966554a19cf1bdbcfbfb3004766979faa748f9a2
https://access.redhat.com/security/cve/cve-2025-47776
Patch
https://github.com/mantisbt/mantisbt/tags