Detections
Analytics

MantisBT < 2.26.2 Multiple Vulnerabilities

high Nessus Plugin ID 197939

Language:

Synopsis

The remote web server contains a PHP application that is affected by multiple vulnerabilities.

Description

According to its version number, the MantisBT application hosted on the remote web server is prior to 2.26.2. It is, therefore, affected by the following vulnerabilities :

 - Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. (CVE-2024-34077)

 - If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. (CVE-2024-34080)

 - Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues belonging to a project linking said custom field, or viewing or printing issues when the custom field is displayed as a column. (CVE-2024-34081)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to MantisBT version 2.26.2 or later.

See Also

http://www.nessus.org/u?d5d86d4a

http://www.nessus.org/u?373ab69e

http://www.nessus.org/u?098d9ab5

Plugin Details

Severity: High

ID: 197939

File Name: mantis_2_26_2.nasl

Version: 1.3

Type: remote

Family: CGI abuses

Published: 5/27/2024

Updated: 10/4/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2024-34077

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mantisbt:mantisbt

Required KB Items: installed_sw/MantisBT

Exploit Ease: No known exploits are available

Patch Publication Date: 5/14/2024

Vulnerability Publication Date: 5/14/2024

Reference Information

CVE: CVE-2024-34077, CVE-2024-34080, CVE-2024-34081

IAVB: 2024-B-0053-S