SB2024051317 - Multiple vulnerabilities in MantisBT

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Cross-site scripting (CVE-ID: CVE-2024-34081)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in Custom Field name. A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

2) Authentication Bypass by Primary Weakness (CVE-ID: CVE-2024-34077)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to insufficient access control in the registration and password reset process. A remote attacker can reset another user's password and takeover their account.

3) Information disclosure (CVE-ID: CVE-2024-34080)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

• http://github.com/mantisbt/mantisbt/commit/8c6f4d8859785b67fb80ac65100ac5259ed9237d
• https://mantisbt.org/bugs/view.php?id=27304
• https://github.com/mantisbt/mantisbt/security/advisories/GHSA-93x3-m7pw-ppqm
• https://github.com/mantisbt/mantisbt/security/advisories/GHSA-99jc-wqmr-ff2q