MantisBT 1.3.0-beta.1 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8907

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting MantisBT, an open source bug tracking application written in PHP.

MantisBT version 1.3.0-beta.1 is affected by the following vulnerabilities :

- A SQL injection flaw exists due to insufficient filtration of the 'MANTIS_MANAGE_USERS_COOKIE' HTTP cookie in 'manage_user_page.php' script. This may allow an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (CVE-2014-9573)

- A cross-site scripting (XSS) vulnerability exists due to an input validation error in the 'admin_username' and 'admin_password' GET parameters of the 'admin/install.php' script. (CVE-2014-9571)

- A flaw exists in 'admin/install.php' that could allow a remote attacker to obtain database credentials even after MantisBT has been configured. Visiting the 'install.php' script using the parameter 'install' and value of '4' would bypass access restrictions, exposing the saved database credentials in use by MantisBT. (CVE-2014-9572)

- A cross-site scripting (XSS) vulnerability exists due to a lack of input validation. Specifically, this flaw affects the 'permalink_page.php' script. (CVE-2014-9701)

- Multiple URI-redirection vulnerabilities exist due to improperly sanitized user-supplied input submitted to the 'permalink_page.php' and 'login_page.php' scripts. Specifically, these issues occur when the application is installed at the web server's root directory. An attacker can leverage these issues by constructing a URI that includes a malicious site redirection by using a redirect address having a single slash. (CVE-2015-1042)

Solution

Upgrade to MantisBT 1.3.0-beta.2 or later.

See Also

https://www.mantisbt.org/blog/?p=416

http://www.nessus.org/u?cbd72cce

http://seclists.org/fulldisclosure/2015/Jan/110

Plugin Details

Severity: High

ID: 8907

Family: CGI

Published: 2015/04/16

Modified: 2018/09/16

Dependencies: 8680

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mantisbt:mantisbt

Patch Publication Date: 2015/03/14

Vulnerability Publication Date: 2015/01/06

Reference Information

CVE: CVE-2014-9571, CVE-2014-9572, CVE-2014-9573, CVE-2014-9701, CVE-2015-1042

BID: 71988, 73131