oss-sec mailing list archives
Re: CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 11 Jun 2012 10:42:35 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/09/2012 02:19 AM, David Hicks wrote:
CVE REQUEST #1

Title: Reporters can edit arbitrary bugnotes via SOAP API
Affected: MantisBT 1.2.10 and earlier versions
Not affected: MantisBT 1.2.11

Description: Roland Becker and Damien Regad (MantisBT developers) found that any user able to report issues via the SOAP interface could also modify any bugnotes (comments) created by other users. In a default/typical MantisBT installation, the SOAP API is enabled and any user can sign up to report new issues. This vulnerability therefore impacts many public-facing MantisBT installations.

References:
[1] http://www.mantisbt.org/bugs/view.php?id=14340
Please use CVE-2012-2691 for this issue.
CVE REQUEST #2

Title: delete_attachments_threshold not checked on attachment deletion
Affected: MantisBT 1.2.10 and earlier versions
Not affected: MantisBT 1.2.11

Description: Roland Becker (MantisBT developer) found that the delete_attachments_threshold permission was not being checked when a user attempted to delete an attachment from an issue. The more generic update_bug_threshold permission was being checked instead. MantisBT administrators may have been under the false impression that their configuration of delete_attachments_threshold was successfully preventing unwanted users from deleting attachments.

References:
[1] http://www.mantisbt.org/bugs/view.php?id=14016
Please use CVE-2012-2692 for this issue.
With thanks,

David Hicks
MantisBT Developer
#mantisbt irc.freenode.net
http://www.mantisbt.org/bugs/
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP1h/7AAoJEBYNRVNeJnmT8w8QAKahNEkjgTSY7YvMkD0H3VKn
NqfaAUapbeVqbeALakhUtZzRy6ZaVP8PxRFJi8rSHTtRuUbOYUa0O+yiGBL2euHr
NUcxLMWHx3l1aDzEMztGAzIt1qns/znUnI1q/bWkxB2T9EdIFmQ91FPJ2YQOU3Fk
Mqa5yDRFQTHmqOvMeY/gExPoRIeuHfsrgLAc7Jeq6D5k+TzKBYkclCwDleFMyh2k
zF6BdKlOFffWp+PjWLp7xOtRm3Lbea3CZXAx+2pW74REGFB5LEzaqKhSoUk1AVL3
5xrUbcp+Dt0IZX2adC8Kckx3qIxys4VxeAOsy2pkqtD+Hn3RI1qdLWtPyANPywn1
DKh7toKmZo/LjByZHxhnSEbarPyaorTh8dh9FuqxcZFrs1Oxmb7VMOU4xGQZnrGf
1X5FOBRXHFnCXgvhfpvTDfyUoyWLvp8NsxIxRZhAq0IHdirqIO6huh2+eWPiqv3c
eDiVu648oiyhnxzJcEJRczXUZKxRxe0yxza8s+pdHtaHZ3jXD9pM/DIssD3mtwFk
VCAoRKAdxi5HCKVSZXyMPs7SlPZld8eXzpi7uqgncGiiSA8dt+F3TZCgS0llG/j2
87/r1CpXb43/sjok9GxQzU3B11/frzQPg+9ddgyXHn2WakXnVxqxosNZhVE9fJ+f
Q+FtswtJ5cOR7CWjS8CM
=xLig
-----END PGP SIGNATURE-----
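Both requests above describe the same class of bug: an authorization decision made against the wrong predicate (the generic update_bug_threshold instead of delete_attachments_threshold for CVE-2012-2692; reporter access instead of note ownership plus the bugnote edit thresholds for CVE-2012-2691). The PHP below is an added, stand-alone model of those two decisions written for this page; it is not MantisBT code and does not call the MantisBT API. It uses MantisBT's real built-in access-level constants (VIEWER, REPORTER, UPDATER, DEVELOPER, MANAGER, ADMINISTRATOR), but the threshold values in `$g_config`, the `has_level()` stand-in for access_has_bug_level(), and the "vulnerable" variants (which reproduce only the behaviour the advisory describes, not the pre-1.2.11 source) are assumptions.

```php
<?php
// Added illustration for the two MantisBT CVEs above; not project code.
// Runs stand-alone: no MantisBT install or database is needed.

// MantisBT's built-in access levels (these numeric values are the real ones).
const VIEWER        = 10;
const REPORTER      = 25;
const UPDATER       = 40;
const DEVELOPER     = 50;
const MANAGER       = 70;
const ADMINISTRATOR = 90;

// Assumed configuration: threshold values chosen for the demonstration,
// not verified against any MantisBT config_defaults_inc.php.
$g_config = array(
    'update_bug_threshold'         => UPDATER,   // may edit issue fields
    'delete_attachments_threshold' => DEVELOPER, // may delete attachments
    'bugnote_user_edit_threshold'  => REPORTER,  // may edit own bugnotes
    'update_bugnote_threshold'     => DEVELOPER, // may edit anyone's bugnotes
);

function config_model( $key ) {
    global $g_config;
    return $g_config[$key];
}

// Stand-in for access_has_bug_level(): does the user's level reach the threshold?
function has_level( $user_level, $threshold ) {
    return $user_level >= $threshold;
}

// CVE-2012-2692, behaviour as described: deletion gated on the generic
// update_bug_threshold, so delete_attachments_threshold is never consulted.
function can_delete_attachment_vulnerable( $user_level ) {
    return has_level( $user_level, config_model( 'update_bug_threshold' ) );
}

// Fixed behaviour: the dedicated threshold decides.
function can_delete_attachment_fixed( $user_level ) {
    return has_level( $user_level, config_model( 'delete_attachments_threshold' ) );
}

// CVE-2012-2691, behaviour as described: anyone who may report issues may
// update any bugnote; authorship of the note is never considered.
function can_update_bugnote_vulnerable( $user_level, $user_id, $note_author_id ) {
    return has_level( $user_level, REPORTER );
}

// Fixed behaviour: the author may edit their own note once they reach
// bugnote_user_edit_threshold; editing someone else's note requires
// update_bugnote_threshold.
function can_update_bugnote_fixed( $user_level, $user_id, $note_author_id ) {
    if ( $user_id === $note_author_id ) {
        return has_level( $user_level, config_model( 'bugnote_user_edit_threshold' ) );
    }
    return has_level( $user_level, config_model( 'update_bugnote_threshold' ) );
}

// Constructed scenario: user 7 is an UPDATER; the note was written by user 3.
$t_user_id   = 7;
$t_user_lvl  = UPDATER;
$t_author_id = 3;

$t_cases = array(
    'delete attachment (vulnerable)' => can_delete_attachment_vulnerable( $t_user_lvl ),
    'delete attachment (fixed)'      => can_delete_attachment_fixed( $t_user_lvl ),
    "update another's note (vuln)"   => can_update_bugnote_vulnerable( REPORTER, $t_user_id, $t_author_id ),
    "update another's note (fixed)"  => can_update_bugnote_fixed( REPORTER, $t_user_id, $t_author_id ),
    'update own note (fixed)'        => can_update_bugnote_fixed( REPORTER, $t_author_id, $t_author_id ),
);

foreach ( $t_cases as $t_label => $t_allowed ) {
    printf( "%-32s %s\n", $t_label, $t_allowed ? 'ALLOWED' : 'denied' );
}
```

The UPDATER-level user is allowed to delete the attachment under the vulnerable check and denied under the fixed one, and a plain REPORTER can edit another user's note under the vulnerable check but only their own under the fixed one. The practical point for an administrator is the one David Hicks makes about false impressions: a threshold that is set but never consulted in the code path looks enforced in the configuration and is not, so after upgrading it is worth exercising each restricted action with a low-privilege test account rather than trusting the config page.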
Current thread:
- CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11 David Hicks (Jun 09)
- Re: CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11 Kurt Seifried (Jun 11)