Vulnerability CVE-2015-5059


Published: 2017-08-01

Description:
The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php.

Vendor: Mantisbt
Product: Mantisbt 
Version: 1.2.19;

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163191.html
http://www.openwall.com/lists/oss-security/2015/06/25/3
http://www.openwall.com/lists/oss-security/2015/06/25/4
http://www.securityfocus.com/bid/75414
https://bugzilla.redhat.com/show_bug.cgi?id=1237199
https://github.com/mantisbt/mantisbt/commit/a4be76d6e5c4939545d84712c79d3f8f4a108c4f
https://github.com/mantisbt/mantisbt/commit/f39cf5251953b468e9d921e1cf2aca3abdb00772

Related CVE
CVE-2018-6526
view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.
CVE-2018-6382
** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because ser...
CVE-2014-9624
CAPTCHA bypass vulnerability in MantisBT before 1.2.19.
CVE-2015-2046
Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20.
CVE-2014-9701
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page.php.
CVE-2017-12419
If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL cli...
CVE-2017-12062
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled.
CVE-2017-12061
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject...

Copyright 2018, cxsecurity.com

 

Back to Top