Multiple vulnerabilities in mantisbt.sourceforge.net MantisBT



Published: 2017-02-17 | Updated: 2021-01-03
Risk: Medium
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2018-9839, CVE-2016-7111
CWE-ID: CWE-20, CWE-79
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: MantisBT (Web applications / Other software)

Vendor: mantisbt.sourceforge.net

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU35847

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-9839

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to reproduce, additional information) when cloning it. By checking the 'Copy issue notes' and 'Copy attachments' checkboxes and completing the clone operation, this data also becomes public (except private notes).
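
A log-review check for the 'm_id' clone request described above, added here as an example and not taken from MantisBT or from this bulletin: it lists clients that requested bug_report_page.php with an 'm_id' naming a private issue. The combined log format, the sample lines and the PRIVATE_IDS set (which a defender would export from the issue database) are constructed assumptions; an 'm_id' sent in a POST body does not appear in access logs.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" access-log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def clone_requests(lines):
    """Yield (ip, time, status, m_id) for bug_report_page.php hits carrying m_id."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m["target"])
        if not url.path.endswith("/bug_report_page.php"):
            continue
        for raw in parse_qs(url.query).get("m_id", []):
            if raw.isdecimal():
                yield m["ip"], m["time"], int(m["status"]), int(raw)

def review_candidates(lines, private_ids):
    """Map client IP -> sorted private issue ids it asked to clone."""
    hits = defaultdict(set)
    for ip, _time, status, m_id in clone_requests(lines):
        # Assumption: only HTTP 200 responses rendered the clone form;
        # redirects (for example to the login page) are skipped.
        if status == 200 and m_id in private_ids:
            hits[ip].add(m_id)
    return {ip: sorted(ids) for ip, ids in hits.items()}

# Constructed sample data: issue ids, addresses and timestamps are made up.
PRIVATE_IDS = {1201, 1207}  # assumed export of private issue ids from the tracker DB
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Apr/2018:10:01:02 +0000] "GET /mantis/bug_report_page.php?m_id=1201 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Apr/2018:10:01:09 +0000] "GET /mantis/bug_report_page.php?m_id=1207 HTTP/1.1" 200 8011 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [12/Apr/2018:10:02:30 +0000] "GET /mantis/bug_report_page.php?m_id=1150 HTTP/1.1" 200 7990 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [12/Apr/2018:10:02:41 +0000] "GET /mantis/view.php?id=1201 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [12/Apr/2018:10:03:05 +0000] "GET /mantis/bug_report_page.php?m_id=1201 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ids in review_candidates(SAMPLE_LOG, PRIVATE_IDS).items():
        print(f"{ip}: clone form requested for private issues {ids}")
```

Each hit is a candidate for manual review against the requester's actual access to the issue, not proof of disclosure.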

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

MantisBT: 2.0.0

External links

http://github.com/mantisbt/mantisbt/commit/1fbcd9bca2f2c77cb61624d36ddee4b3802c38ea
http://mantisbt.org/bugs/view.php?id=24221


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cross-site scripting

EUVDB-ID: #VU39639

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-7111

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

MantisBT: 1.3.0 - 1.3.0 rc2

External links

http://www.openwall.com/lists/oss-security/2016/08/28/1
http://www.openwall.com/lists/oss-security/2016/08/29/2
http://github.com/mantisbt/mantisbt/commit/b3511d2f
http://mantisbt.org/bugs/view.php?id=21263


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


