U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-34080

Change History

New CVE Received by NIST 5/14/2024 11:38:29 AM

Action Type Old Value New Value
Added CVSS V3.1

GitHub, Inc. AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Added CWE

GitHub, Inc. CWE-200
Added Description

MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for the issue. No known workarounds are available.
Added Reference

GitHub, Inc. https://github.com/mantisbt/mantisbt/commit/0a50562369d823689c9b946066d1e49d3c2df226 [No types assigned]
Added Reference

GitHub, Inc. https://github.com/mantisbt/mantisbt/pull/2000 [No types assigned]
Added Reference

GitHub, Inc. https://github.com/mantisbt/mantisbt/security/advisories/GHSA-99jc-wqmr-ff2q [No types assigned]
Added Reference

GitHub, Inc. https://mantisbt.org/bugs/view.php?id=34434 [No types assigned]