oss-sec mailing list archives

Re: CVE Request: XSS vulnerability in MantisBT 1.2.13

From: Damien Regad <dregad () mantisbt org>
Date: Sat, 22 Nov 2014 17:10:28 +0100

On 2014-11-20 00:11, cve-assign () mitre orgwrote:

https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02cef41bf40
the selection list in the filters


Use CVE-2014-8986.


Thanks.

Here's some additional information to document this CVE.


Description:

The MantisBT Configuration Report page (adm_config_report.php) did notcheck that the config value retrieved from the cookie was valid,allowing XSS attacks.

The severity of this issue is mitigated by the need to have ahigh-privileged account (by default, administrator) to access theconfiguration report page.


Affected versions:
>= 1.2.13, <= 1.2.17

Fixed in versions:
1.2.18 (not yet released)

Patch:
See Github [1]

Credit:

Issue was discovered by Paul Richards, and jointly fixed by PaulRichards & Damien Regad (MantisBT Developer)


References:
Further details available in our issue tracker [2]


D. Regad
MantisBT Developer
http://www.mantisbt.org


[1] http://github.com/mantisbt/mantisbt/commit/e326b73a
[2] http://www.mantisbt.org/bugs/view.php?id=17889

Current thread:

CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 14)
- RE: CVE Request: XSS vulnerability in MantisBT 1.2.13 P Richards (Nov 14)
  - Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 15)
    - Re: Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Paul Richards (Nov 15)
    - Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 15)
    - Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 19)
  - Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 cve-assign (Nov 19)
    - Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 22)
- Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 cve-assign (Nov 19)