Mantis: Multiple vulnerabilities — GLSA 200809-10

Multiple vulnerabilities have been reported in Mantis.

Affected Packages

www-apps/mantisbt on all architectures
Affected versions < 1.1.2
Unaffected versions >= 1.1.2

Background

Mantis is a PHP/MySQL/Web based bugtracking system.

Description

Antonio Parata and Francesco Ongaro reported a Cross-Site Request Forgery vulnerability in manage_user_create.php (CVE-2008-2276), a Cross-Site Scripting vulnerability in return_dynamic_filters.php (CVE-2008-3331), and an insufficient input validation in adm_config_set.php (CVE-2008-3332). A directory traversal vulnerability in core/lang_api.php (CVE-2008-3333) has also been reported.

Impact

A remote attacker could exploit these vulnerabilities to execute arbitrary HTML and script code, create arbitrary users with administrative privileges, execute arbitrary PHP commands, and include arbitrary files.

Workaround

There is no known workaround at this time.

Resolution

All Mantis users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.1.2"

References

Release Date
September 21, 2008

Latest Revision
November 26, 2008: 02

Severity
high

Exploitable
remote

Bugzilla entries