386153 – (CVE-2011-3358) www-apps/mantisbt: multiple vulnerabilities (CVE-2011-{2938,3356,3357,3358,3578,3755})

Bug 386153 (CVE-2011-3358) - www-apps/mantisbt: multiple vulnerabilities (CVE-2011-{2938,3356,3357,3358,3578,3755})

Summary: www-apps/mantisbt: multiple vulnerabilities (CVE-2011-{2938,3356,3357,3358,35...

Status:	RESOLVED FIXED

Alias:	CVE-2011-3358

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2011-10-07 21:57 UTC by GLSAMaker/CVETool Bot
Modified:	2012-11-08 10:42 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2011-10-07 21:57:53 UTC

CVE-2011-3578 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3578):
  Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in
  MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script
  or HTML via the action parameter, related to bug_actiongroup_page.php, a
  different vulnerability than CVE-2011-3357.


Please punt vulnerable versions.

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2011-10-07 21:58:58 UTC

CVE-2011-3358 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3358):
  Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8
  allow remote attackers to inject arbitrary web script or HTML via the (1)
  os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or
  (b) bug_update_advanced_page.php, related to use of the Projax library.

Comment 2 GLSAMaker/CVETool Bot gentoo-dev

2011-10-07 22:05:39 UTC

CVE-2011-3356 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3356):
  Multiple cross-site scripting (XSS) vulnerabilities in
  config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to
  inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by
  the PATH_INFO to (1) manage_config_email_page.php, (2)
  manage_config_workflow_page.php, or (3) bugs/plugin.php.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2011-10-07 22:05:53 UTC

CVE-2011-3755 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3755):
  MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a
  direct request to a .php file, which reveals the installation path in an
  error message, as demonstrated by view_all_inc.php and certain other files.

CVE-2011-3357 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3357):
  Directory traversal vulnerability in bug_actiongroup_ext_page.php in
  MantisBT before 1.2.8 allows remote attackers to include and execute
  arbitrary local files via a .. (dot dot) in the action parameter, related to
  bug_actiongroup_page.php.

CVE-2011-2938 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2938):
  Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in
  MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script
  or HTML via a parameter, as demonstrated by the project_id parameter to
  search.php.

Comment 4 Peter Volkov (RETIRED) gentoo-dev

2011-10-08 15:51:30 UTC

Vulnerable version was dropped.

Comment 5 Stefan Behte (RETIRED) gentoo-dev

2011-10-08 16:04:25 UTC

Vote: yes.

Comment 6 Tobias Heinlein (RETIRED) gentoo-dev

2011-10-08 21:07:10 UTC

YES too, request filed.

Comment 7 Agostino Sarubbo gentoo-dev

2012-09-27 18:52:29 UTC

which is the fixed version here?

Comment 8 GLSAMaker/CVETool Bot gentoo-dev

2012-11-08 10:42:57 UTC

This issue was resolved and addressed in
 GLSA 201211-01 at http://security.gentoo.org/glsa/glsa-201211-01.xml
by GLSA coordinator Tobias Heinlein (keytoaster).