Question 1

What is CVE-2018-6526?

Accepted Answer

CVE-2018-6526 is a medium-severity software vulnerability (Information disclosure) with a CVSS score of 5.3. view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.

Question 2

Is CVE-2018-6526 being actively exploited?

Accepted Answer

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 4%.

Question 3

What products does CVE-2018-6526 affect?

Accepted Answer

Tracked products affected include MantisBT. Check the version you run to see whether it is affected.

Question 4

How do I fix CVE-2018-6526?

Accepted Answer

Apply the vendor fix in your normal patch cycle. Upgrade affected products to a fixed version.

CVE-2018-6526

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information