CVE-2009-20001
First published: Sun Mar 07 2021(Updated: )
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mantisbt Mantisbt | <2.24.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-20001?
The severity of CVE-2009-20001 is high with a score of 8.1.
How does CVE-2009-20001 affect MantisBT?
CVE-2009-20001 affects MantisBT versions up to and including 2.24.5.
What is the impact of CVE-2009-20001?
CVE-2009-20001 allows an attacker to login as a user if they gain access to the user's cookie.
Is there a fix available for CVE-2009-20001?
Yes, the fix for CVE-2009-20001 is included in MantisBT version 2.24.6 and later.
Where can I find more information about CVE-2009-20001?
You can find more information about CVE-2009-20001 in the MantisBT bug reports: [link1](https://mantisbt.org/bugs/view.php?id=27976) and [link2](https://mantisbt.org/bugs/view.php?id=11296).
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mantisbt
- canonical/mantisbt mantisbt