Mantis Bug Tracker Email Change Verification Vulnerability

Vulnerability

A vulnerability exists in Mantis Bug Tracker (MantisBT) versions through 2.27.1: a user can change the email address on their account and the new address takes effect immediately, without any confirmation that it is valid or belongs to that user. Because the address is taken on trust, a mistyped address is stored as-is and the user silently stops receiving notifications. Worse, the notifications are then delivered to that wrong address, so their contents are disclosed to whoever controls the mailbox.

Impact

The consequence is not the missing check itself but what it permits: notifications meant for the account holder are sent to an address that was never verified, so they can be read by an unintended recipient. Anything that causes a wrong address to be saved, whether a typo or a change made by someone else acting in the user's session, redirects every subsequent notification for that account to that address.

Reproduction

To reproduce this vulnerability, create a new account and complete the email verification for the address it was registered with. Then, in the account settings, change the email address to a different one. The new address is saved and used immediately: no confirmation mail is sent to it and nothing checks that it is reachable or owned by the user, so from that point on notifications meant for the account holder go to whoever controls the new address.

Remediation

This vulnerability has been addressed in MantisBT version 2.27.2. Users should update to this version, which makes email address changes subject to proper verification.

Added: Nov 4, 2025, 9:20 PM
Updated: Nov 4, 2025, 9:20 PM

Vulnerability Rating

Custom Algorithm

  spread          5.0
  impact          2.5
  exploitability  6.6
  remediation     7.7
  relevance       0.9
  threat          6.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.