MantisBT Host Header Injection vulnerability
High severity
GitHub Reviewed
Published Feb 20, 2024 in mantisbt/mantisbt. Updated Feb 29, 2024.
Impact
Knowing a user's email address and username, an unauthenticated attacker can hijack the user's account by poisoning the link in the password reset notification message.
Patches
mantisbt/mantisbt@7055731
Workarounds
Define $g_path as appropriate in config_inc.php.
References
https://mantisbt.org/bugs/view.php?id=19381
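As an added illustration of the pattern behind this advisory (not MantisBT's own code), the PHP below contrasts a password reset link built from the client-controlled Host header with one built from an operator-configured absolute base URL in the spirit of the $g_path workaround, plus an allowlist check for deployments that must consult Host at all. The function names, the /reset.php path, the $trusted_hosts list and the sample values are assumptions.

```php
<?php
// Added illustration for this advisory, not MantisBT code. The function names,
// the /reset.php path, $trusted_hosts and the sample values are assumptions.

// Risky pattern: the absolute link in the reset e-mail is derived from the
// request's Host header, which the party sending the request controls.
function build_reset_url_from_host(array $server, string $token): string
{
    $scheme = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
    return $scheme . '://' . $server['HTTP_HOST'] . '/reset.php?token=' . rawurlencode($token);
}

// Safer pattern, in the spirit of the $g_path workaround: the link is built
// from an operator-configured absolute base URL and never from request data.
function build_reset_url_from_config(string $g_path, string $token): string
{
    return rtrim($g_path, '/') . '/reset.php?token=' . rawurlencode($token);
}

// Defence in depth: where Host must be consulted at all, accept it only when it
// matches an explicit allowlist (compared case-insensitively, port stripped).
function host_is_trusted(string $host, array $trusted_hosts): bool
{
    $host = strtolower(preg_replace('/:\d+$/', '', $host));
    return in_array($host, array_map('strtolower', $trusted_hosts), true);
}

// Constructed request carrying a Host header that does not belong to the site.
$request = ['HTTP_HOST' => 'untrusted.example', 'HTTPS' => 'on'];
$token   = 'constructed-token-value';
$g_path  = 'https://bugs.example.org/';

echo "From Host header: ", build_reset_url_from_host($request, $token), PHP_EOL;
echo "From config:      ", build_reset_url_from_config($g_path, $token), PHP_EOL;
echo "Host trusted?     ", host_is_trusted($request['HTTP_HOST'], ['bugs.example.org']) ? 'yes' : 'no', PHP_EOL;
```

Only the config-derived link stays anchored to the site's real origin regardless of what the request carried, which is why the workaround tells operators to set $g_path explicitly.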
Credits
Thanks to the following security researchers for responsibly reporting and helping resolve this vulnerability.