CVE-2023-44394: MantisBT may disclose project names to unauthorized users

CVSS Score: 4.3 (CVSS v3.1)

Basic Information

EPSS Score: 0.51029%
Published: 10/17/2023
Updated: 11/10/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Package Name: mantisbt/mantisbt
Ecosystem: composer
Vulnerable Versions: <= 2.25.7
First Patched Version: 2.25.8

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from missing access checks in wiki.php's project handling logic. The original code called project_ensure_exists() to verify that the project existed, but did not call access_ensure_project_level() to validate the requesting user's permissions on that project. This allowed any authenticated user, even one with minimal privileges, to brute-force project IDs and observe redirection URLs containing private project names. The patch added the missing access checks, confirming that these were the critical missing security controls.
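To make the root cause concrete, the following added example (not MantisBT's code) models the wiki.php redirect handler in its vulnerable and fixed shapes. The in-memory project table, the per-user access map, the exception-based re-implementations of project_ensure_exists() and access_ensure_project_level(), and the VIEWER threshold used in the fixed handler are all assumptions for this model.

```php
<?php
// Added example, not MantisBT's own code: a minimal model of the wiki.php
// redirect handler before and after the CVE-2023-44394 fix. Constructed
// in-memory data replaces the database, and the two MantisBT API functions
// are re-implemented here with exceptions in place of trigger_error().

const VIEWER = 10; // MantisBT's lowest access level (constant_inc.php)

// Constructed sample data: project 1 is public, project 2 is private
// (the calling user is granted no access to it below).
$g_projects = [1 => 'public-site', 2 => 'confidential-merger'];
// Constructed: the calling user holds VIEWER access on project 1 only.
$g_user_project_access = [1 => VIEWER];

function project_ensure_exists(int $p_project_id): void {
    global $g_projects;
    if (!isset($g_projects[$p_project_id])) {
        throw new RuntimeException("ERROR_PROJECT_NOT_FOUND (id $p_project_id)");
    }
}

function access_ensure_project_level(int $p_access_level, int $p_project_id): void {
    global $g_user_project_access;
    if (($g_user_project_access[$p_project_id] ?? 0) < $p_access_level) {
        throw new RuntimeException("ERROR_ACCESS_DENIED (id $p_project_id)");
    }
}

// Vulnerable shape: only the existence check runs, so the Location header,
// which embeds the project name, is built for any existing ID.
function wiki_redirect_vulnerable(int $p_project_id): string {
    global $g_projects;
    project_ensure_exists($p_project_id);
    return 'Location: /wiki/' . rawurlencode($g_projects[$p_project_id]);
}

// Fixed shape: the access-level check runs before the name reaches the
// response. The VIEWER threshold is an assumption for this model.
function wiki_redirect_fixed(int $p_project_id): string {
    global $g_projects;
    project_ensure_exists($p_project_id);
    access_ensure_project_level(VIEWER, $p_project_id);
    return 'Location: /wiki/' . rawurlencode($g_projects[$p_project_id]);
}

foreach ([1, 2, 3] as $t_id) {
    foreach (['wiki_redirect_vulnerable', 'wiki_redirect_fixed'] as $t_fn) {
        try { $t_out = $t_fn($t_id); } catch (RuntimeException $e) { $t_out = $e->getMessage(); }
        printf("%-24s id=%d -> %s\n", $t_fn, $t_id, $t_out);
    }
}
```

Run with `php example.php`: the vulnerable handler returns the private name for id 2, while the fixed handler raises ERROR_ACCESS_DENIED for it and behaves identically to the vulnerable one for the public project and for a non-existent ID.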


WAF Protection Rules

WAF Rule

### Impact
Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs.
### Patches
Patch under development. The vulnerability will be fi
