Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 09 Jun 2012 18:19:12 +1000
From: David Hicks <d@...id.au>
To: Open Source Security Mailing List <oss-security@...ts.openwall.com>
Cc: MantisBT Developer Mailing List <mantisbt-dev@...ts.sourceforge.net>
Subject: CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11

CVE REQUEST #1

Title: Reporters can edit arbitrary bugnotes via SOAP API
Affected: MantisBT 1.2.10 and earlier versions
Not affected: MantisBT 1.2.11

Description:
Roland Becker and Damien Regad (MantisBT developers) found that any user
able to report issues via the SOAP interface could also modify any
bugnotes (comments) created by other users. In a default/typical
MantisBT installation, SOAP API is enabled and any user can sign up to
report new issues. This vulnerability therefore impacts upon many public
facing MantisBT installations.

References:
[1] http://www.mantisbt.org/bugs/view.php?id=14340



CVE REQUEST #2

Title: delete_attachments_threshold not checked on attachment deletion
Affected: MantisBT 1.2.10 and earlier versions
Not affected: MantisBT 1.2.11

Description:
Roland Becker (MantisBT developer) found that the
delete_attachments_threshold permission was not being checked when a
user attempted to delete an attachment from an issue. The more generic
update_bug_threshold permission was being checked instead. MantisBT
administrators may have been under the false impression that their
configuration of the delete_attachments_threshold was successfully
preventing unwanted users from deleting attachments.

References:
[1] http://www.mantisbt.org/bugs/view.php?id=14016



With thanks,
David Hicks
MantisBT Developer
#mantisbt irc.freenode.net
http://www.mantisbt.org/bugs/


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ