SB2017021717 - Multiple vulnerabilities in mantisbt.sourceforge.net MantisBT
Published: February 17, 2017 Updated: January 3, 2021
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2018-9839)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to reproduce, additional information) when cloning it. By checking the 'Copy issue notes' and 'Copy attachments' checkboxes and completing the clone operation, this data also becomes public (except private notes).
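The missing check described above, as an added example that is not MantisBT code or part of the original bulletin: a self-contained PHP model in which the clone form is prefilled from a source issue id, once without and once with a view-permission check on that source issue. The function names, access levels, visibility policy and sample issues are all assumptions constructed for illustration.

```php
<?php
// Constructed model, not MantisBT code: every name and value here is hypothetical.
const REPORTER = 25;
const DEVELOPER = 55;

// Constructed sample issues; issue 2 is private and was reported by user 7.
$issues = [
    1 => ['summary' => 'Typo on login page', 'private' => false, 'reporter' => 3],
    2 => ['summary' => 'Customer data leak', 'private' => true, 'reporter' => 7],
];

// Assumed policy: a private issue is visible to its reporter and to DEVELOPER and above.
function can_view_issue(array $issue, array $user): bool
{
    if (!$issue['private']) {
        return true;
    }
    return $issue['reporter'] === $user['id'] || $user['level'] >= DEVELOPER;
}

// Flawed flow: checks only that the caller may report issues, then
// prefills the form from whatever source id the request supplied.
function clone_prefill_unchecked(array $issues, array $user, int $sourceId): ?array
{
    if ($user['level'] < REPORTER || !isset($issues[$sourceId])) {
        return null;
    }
    return $issues[$sourceId];
}

// Corrected flow: the source issue must pass the same view check
// that the normal issue view applies, before any field is read.
function clone_prefill_checked(array $issues, array $user, int $sourceId): ?array
{
    if ($user['level'] < REPORTER || !isset($issues[$sourceId])) {
        return null;
    }
    if (!can_view_issue($issues[$sourceId], $user)) {
        return null; // deny: nothing from the private issue reaches the form
    }
    return $issues[$sourceId];
}

$reporter = ['id' => 3, 'level' => REPORTER];
var_dump(clone_prefill_unchecked($issues, $reporter, 2) !== null); // private fields reach the form
var_dump(clone_prefill_checked($issues, $reporter, 2) === null);   // private source is refused
var_dump(clone_prefill_checked($issues, $reporter, 1) !== null);   // public source still clones
```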
2) Cross-site scripting (CVE-ID: CVE-2016-7111)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data and can be triggered via unspecified vectors.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Remediation
Install update from vendor's website.
References
- https://github.com/mantisbt/mantisbt/commit/1fbcd9bca2f2c77cb61624d36ddee4b3802c38ea
- https://mantisbt.org/bugs/view.php?id=24221
- http://www.openwall.com/lists/oss-security/2016/08/28/1
- http://www.openwall.com/lists/oss-security/2016/08/29/2
- https://github.com/mantisbt/mantisbt/commit/b3511d2f
- https://mantisbt.org/bugs/view.php?id=21263