Mantis Bug Tracker (MantisBT) is an open source issue tracker
Mantis Bug Tracker (MantisBT) versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user with 'add_profile_threshold' permission to create a global profile. This bypasses the intended 'manage_global_profile_threshold' permission check by tampering with the 'user_id' parameter in a profile creation request. The vulnerability enables unauthorized privilege escalation.
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "add_profile_threshold" permission to create a global profile despite not having manage_global_profile_threshold, by tampering with the user_id parameter in a valid profile creation request. This issue has been fixed in version 2.28.2.
Low-privileged authenticated MantisBT users in versions 2.28.0 and 2.28.1 are at risk of unauthorized global profile creation, presenting a low severity issue for privilege escalation.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform