SB2017052306 - Two vulnerabilities in MantisBT
Published: May 23, 2017
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Cross-site request forgery (CVE-ID: CVE-2017-7620)
The vulnerability allows a remote attacker to perform CSRF attacks.
The vulnerability exists due to improper validation of the HTTP request origin in 'string_api.php'. A remote attacker can create a specially crafted web page, trick the authenticated victim into visiting it and inject arbitrary permalinks into the MantisBT web interface.
Successful exploitation of the vulnerability may result in cross-site request forgery.
2) Open redirect (CVE-ID: N/A)
The vulnerability allows a remote attacker to redirect website visitors to external websites.
The weakness exists in the 'return' parameter of 'login_page.php' due to incorrect validation of the redirect URL. A remote attacker can create a specially crafted link and redirect the victim to an external website.
Successful exploitation of the vulnerability may result in further attacks.
Remediation
Install update from vendor's website.
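As an added illustration (not MantisBT's own code or patch), the following Python shows the two kinds of server-side check whose absence the bulletin describes: a validator that confines a login 'return' value to a same-site path, and a request-origin check for state-changing requests. The parameter name, the default landing page and the host names are assumptions for the example.

```python
"""Added example (not MantisBT's own code): defensive checks for the two weaknesses
in this bulletin, a login 'return' redirect validator and a request-origin check.
Parameter names, the default landing page and the host values are assumptions."""
from urllib.parse import urlsplit, urlunsplit


def safe_return_path(value: str, default: str = "/my_view_page.php") -> str:
    """Return a same-site path for a login 'return' value, or the default.

    Rejects anything carrying a scheme or host (http://evil.example,
    //evil.example), backslashes and repeated leading slashes that browsers
    normalise into an authority, and control characters that could split the
    Location header. The redirect can therefore never leave the site."""
    if not value:
        return default
    # Browsers treat backslashes as forward slashes; normalise before parsing.
    cleaned = value.strip().replace("\\", "/")
    if any(ord(ch) < 0x20 for ch in cleaned) or cleaned.startswith("//"):
        return default
    parts = urlsplit(cleaned)
    if parts.scheme or parts.netloc:
        return default
    # Rebuild from the parsed pieces so only path, query and fragment survive.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


def request_origin_allowed(headers: dict, site_host: str) -> bool:
    """Check Origin (preferred) or, failing that, Referer against the site's
    own host before honouring a state-changing request. This complements an
    anti-CSRF form token; it does not replace it. Header names are matched
    case-insensitively and a request carrying neither header is refused."""
    lowered = {name.lower(): val for name, val in headers.items()}
    source = lowered.get("origin") or lowered.get("referer")
    if not source:
        return False
    parts = urlsplit(source)
    return parts.scheme in ("http", "https") and parts.netloc.lower() == site_host.lower()


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate value and three redirect tricks.
    for candidate in ("view.php?id=12", "//evil.example/", "/\\evil.example", "javascript:alert(1)"):
        print(repr(candidate), "->", safe_return_path(candidate))
    print(request_origin_allowed({"Origin": "https://attacker.example"}, "tracker.example"))
```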