CVE-2025-46556

Medium CVSS: 6.5

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters) due to a lack of server-side validation of note length. Once such a note is added, the activity stream UI fails to render; therefore, new notes cannot be displayed, effectively breaking all future collaboration on the issue. This issue is fixed in version 2.27.2.

Vendor

Mantisbt

Product

Mantisbt

CWE

CWE-770

Yayın Tarihi

2025-11-04 01:15:33

Güncelleme

2025-11-07 18:30:03

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-770 Mantisbt MEDIUM Mantisbt 2025

Referanslar

https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234 https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238 https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5

Benzer Kayıtlar

High

CVE-2026-33517

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, when deleting a Tag (tag_delete.php),…

High

CVE-2026-33548

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, improper escaping of tag names retriev…

Critical

CVE-2026-30849

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family database…

Medium

CVE-2025-62520

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-…

Medium

CVE-2025-55155

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their pro…

High

CVE-2025-47776

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===…