Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit f130455560af · 2025-11-03T20:14:06.000Z
GHSA-g582-8vwr-68h2 GHSA-q747-c74m-69pr
diff --git a/advisories/github-reviewed/2025/11/GHSA-g582-8vwr-68h2/GHSA-g582-8vwr-68h2.json b/advisories/github-reviewed/2025/11/GHSA-g582-8vwr-68h2/GHSA-g582-8vwr-68h2.json
@@ -0,0 +1,65 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g582-8vwr-68h2",
+  "modified": "2025-11-03T20:13:26Z",
+  "published": "2025-11-03T20:13:26Z",
+  "aliases": [
+    "CVE-2025-62520"
+  ],
+  "summary": "MantisBT unauthorized disclosure of private project column configuration",
+  "details": "### Impact\n\nDue to insufficient access-level checks, any non-admin user having access to _manage_config_columns_page.php_ (typically project managers having MANAGER role) can use the _Copy From_ action to retrieve the columns configuration from a private project they have no access to. \n\nAccess to the reverse operation (_Copy To_) is correctly controlled, i.e. it is not possible to alter the private project's configuration.\n\n### Patches\nThe vulnerability will be fixed in MantisBT version 2.27.2. \n\n### Workarounds\nNone\n\n### Credits\nThanks to [d3vpoo1](https://github.com/jrckmcsb) for reporting the issue.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "mantisbt/mantisbt"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.27.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-g582-8vwr-68h2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mantisbt/mantisbt/commit/4fe94f45fa2baea2aeb4b65781d2009e7b4a0bf3"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/mantisbt/mantisbt"
+    },
+    {
+      "type": "WEB",
+      "url": "https://mantisbt.org/bugs/view.php?id=36502"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-285"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-11-03T20:13:26Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2025/11/GHSA-q747-c74m-69pr/GHSA-q747-c74m-69pr.json b/advisories/github-reviewed/2025/11/GHSA-q747-c74m-69pr/GHSA-q747-c74m-69pr.json
@@ -0,0 +1,66 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q747-c74m-69pr",
+  "modified": "2025-11-03T20:12:18Z",
+  "published": "2025-11-03T20:12:18Z",
+  "aliases": [
+    "CVE-2025-55155"
+  ],
+  "summary": "MantisBT lacks verification when changing a user's email address",
+  "details": "When a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user.\n\n### Impact\nThis could result in storing an invalid email address, preventing the user from receiving system notifications.\n\nNotifications sent to another person's email address could lead to information disclosure.\n\n### Patches\nFixed in 2.27.2.\n\n### Workarounds\nNone\n\n### Credits\n\nThanks to @ncrcs for discovering and reporting the issue.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "mantisbt/mantisbt"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.27.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-q747-c74m-69pr"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mantisbt/mantisbt/commit/21e9fbedde8553c29c0d3156e84f78157fc4f22e"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/mantisbt/mantisbt"
+    },
+    {
+      "type": "WEB",
+      "url": "https://mantisbt.org/bugs/view.php?id=36005"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-201",
+      "CWE-345"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-11-03T20:12:18Z",
+    "nvd_published_at": null
+  }
+}
