{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-21T07:28:26.766","vulnerabilities":[{"cve":{"id":"CVE-2024-23830","sourceIdentifier":"security-advisories@github.com","published":"2024-02-20T22:15:08.460","lastModified":"2026-06-17T07:13:41.777","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`."},{"lang":"es","value":"MantisBT es un rastreador de problemas de código abierto. Antes de la versión 2.26.1, un atacante no autenticado que conoce la dirección de correo electrónico y el nombre de usuario de un usuario puede secuestrar la cuenta del usuario envenenando el enlace en el mensaje de notificación de restablecimiento de contraseña. Hay un parche disponible en la versión 2.26.1. Como workaround, defina `$g_path` según corresponda en `config_inc.php`."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"mantisbt","product":"mantisbt","versions":[{"version":"< 2.26.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-02-21T16:05:28.582374Z","id":"CVE-2024-23830","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*","versionEndExcluding":"2.26.1","matchCriteriaId":"81B9361B-548F-4857-87ED-35D90583B988"}]}]}],"references":[{"url":"https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-mcqj-7p29-9528","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"https://mantisbt.org/bugs/view.php?id=19381","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-mcqj-7p29-9528","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://mantisbt.org/bugs/view.php?id=19381","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}