MantisBT Host Header Injection vulnerability
Description
Published by the National Vulnerability Database
Feb 20, 2024
Published to the GitHub Advisory Database
Feb 20, 2024
Reviewed
Feb 20, 2024
Last updated
Feb 29, 2024
Impact
Knowing a user's email address and username, an unauthenticated attacker can request a password reset for that user while supplying a crafted Host header. The reset link in the resulting password reset notification message is built from that header, so it points at a host the attacker controls; when the user follows the link, the attacker obtains the reset token and can hijack the account.
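The mechanism above, as an added PHP example that is not MantisBT's own code: one function builds the site's base URL from the request's Host header (the pattern the advisory describes), a second takes it from an explicit configuration value, and the output shows how the same reset token ends up in an attacker-controlled link in the first case. The configuration line at the top is the $g_path setting named in the Workarounds section; the hostnames, the `verify.php?confirm_hash=` endpoint name, the request values and the function names other than $g_path are assumptions for illustration, and the inference that an unset $g_path is derived from the request is drawn from the workaround's wording rather than from the MantisBT source.

```php
<?php
// Added example, not MantisBT code. Hostnames, endpoint name and function
// names (other than $g_path) are assumptions for illustration.

// --- Workaround from the advisory: pin the canonical URL in config_inc.php ---
// In a real deployment this assignment lives in config_inc.php. The value is
// the URL users should actually receive in notification e-mails; it must not
// depend on anything the client sends. Hostname assumed.
$g_path = 'https://bugs.example.org/mantisbt/';

// --- Constructed request -----------------------------------------------------
// The attacker submits a password-reset request for the victim's account but
// sets the Host header to a server they control.
$_SERVER['HTTP_HOST']   = 'attacker.example';
$_SERVER['REQUEST_URI'] = '/mantisbt/lost_pwd.php';
$_SERVER['HTTPS']       = 'on';

// Vulnerable pattern: derive the base URL from the request itself.
// Everything here is attacker-controlled, so the result is too.
function base_url_from_request(): string {
    $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
    $host   = $_SERVER['HTTP_HOST'];
    $dir    = rtrim(dirname($_SERVER['REQUEST_URI']), '/');
    return "$scheme://$host$dir/";
}

// Hardened pattern: ignore the Host header and use the configured value.
function base_url_from_config(string $configured_path): string {
    return rtrim($configured_path, '/') . '/';
}

// Defensive check for code that must still read the Host header (e.g. to
// pick one of several configured virtual hosts): accept it only if it matches
// the host of the configured URL exactly, otherwise fall back to config.
function host_matches_config(string $request_host, string $configured_path): bool {
    $expected = parse_url($configured_path, PHP_URL_HOST);
    return $expected !== null && strcasecmp($request_host, $expected) === 0;
}

// Assumed shape of a reset link: base URL + endpoint + token.
function reset_link(string $base, string $token): string {
    return $base . 'verify.php?confirm_hash=' . rawurlencode($token);
}

$token = bin2hex(random_bytes(16)); // stands in for the real reset token

echo "Host-derived link (poisoned): ", reset_link(base_url_from_request(), $token), "\n";
echo "Config-derived link:          ", reset_link(base_url_from_config($g_path), $token), "\n";
echo "Host header accepted?         ",
     host_matches_config($_SERVER['HTTP_HOST'], $g_path) ? "yes" : "no (ignored)", "\n";
```

Run with `php` on the command line: the first link carries the token to `attacker.example`, the second to the configured host, and the allowlist check reports that the supplied Host header does not match the configuration. The point of the $g_path workaround is exactly that the notification e-mail's link is built from the second value, never the first.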
Patches
mantisbt/mantisbt@7055731
Workarounds
Define $g_path as appropriate in config_inc.php.
References
https://mantisbt.org/bugs/view.php?id=19381
Credits
Thanks to the following security researchers for responsibly reporting and helping resolve this vulnerability.