CVE-2024-45792: 
PHP vulnerability analysis and mitigation

Mantis Bug Tracker (MantisBT), an open source issue tracker, was found to contain a vulnerability that allows unprivileged registered users to access unauthorized information. The vulnerability (CVE-2024-45792) was discovered on September 12, 2024, and fixed in version 2.26.4. The issue affects all versions up to and including 2.26.3 (GitHub Advisory).

The vulnerability stems from insufficient access control checks in the user profile functionality. Using a crafted POST request, an unprivileged registered user could manipulate the 'profile_id' parameter to access other users' personal system profiles. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility with low attack complexity and required privileges (GitHub Advisory).

The vulnerability allows unauthorized access to other users' personal system profiles, including sensitive information such as Platform, Operating System, OS version, and Description. This represents a privacy breach for affected users (GitHub Advisory).

The vulnerability has been fixed in MantisBT version 2.26.4. The fix includes the creation of two new Profile API functions (profilecanupdate() and profileensurecanupdate()) and their implementation in accountprofupdate.php and accountprofeditpage.php to ensure users can only view and update their own profiles or global ones if properly authorized. No workarounds are available for affected versions; upgrading to version 2.26.4 or later is recommended (GitHub Commit).