MantisBT Cross-Site Request Forgery / Open Redirection Vulnerability Fixed by 2.4.1/2.3.3/1.3.11


Description
A vulnerability has been identified in MantisBT. A remote attacker could exploit it in order to:
- inject an arbitrary permalink in the "url" parameter of the "permalink_page.php" page through cross-site request forgery attacks, via a specially crafted form on a malicious website triggering the vulnerability
- conduct an open redirect attack via the "return" parameter of the "login_page.php" page, leading to the redirection of the user to an arbitrary website.

This vulnerability stems from a missing backslash check in "string_api.php".

Proofs of concept are available.

The mantis packages provided by Debian Wheezy 7 are vulnerable.
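As an added illustration (not MantisBT's own code), the following Python check for a redirect target such as the "return" parameter is contrasted with a naive parser-only check; the sample values are constructed, and the hypothetical `evil.example` host stands in for any foreign site. The point it shows is why a backslash has to be rejected outright: server-side URL parsers leave it alone, while browsers normalise it to a slash, so a value that looks like a local path becomes a protocol-relative URL to another host.

```python
from urllib.parse import urlsplit

# Constructed sample values for a "return"-style parameter (not taken from the
# advisory). Only the first two should ever be accepted as redirect targets.
SAMPLE_TARGETS = {
    "/view.php?id=12": True,
    "my_view_page.php": True,
    "http://evil.example/": False,      # absolute URL to another site
    "//evil.example/": False,           # protocol-relative URL
    "/\\evil.example/": False,          # browser reads '\' as '/': '//evil.example/'
    "\\\\evil.example/": False,         # same trick without the leading slash
    "/view.php\t?id=1": False,          # tab: browsers strip it, parsers may not
}


def naive_is_local(url: str) -> bool:
    """Insufficient check: trust the server-side parser and accept any value
    that it reports as having neither scheme nor host."""
    parts = urlsplit(url)
    return parts.scheme == "" and parts.netloc == ""


def is_safe_local_redirect(url: str) -> bool:
    """Accept only a path on the current site.

    Beyond the parser's view, reject anything a browser could reinterpret as
    an authority: a leading '//', any backslash (normalised to '/' by browsers,
    so '/\\host' becomes '//host'), and control or whitespace characters that
    browsers drop before parsing.
    """
    if not url or len(url) > 2048:
        return False
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return False
    if "\\" in url or url.startswith("//"):
        return False
    parts = urlsplit(url)
    return parts.scheme == "" and parts.netloc == ""


def misclassified_by_naive_check() -> list[str]:
    """Sample targets the naive check accepts but the strict check rejects."""
    return [u for u, ok in SAMPLE_TARGETS.items()
            if not ok and naive_is_local(u)]


if __name__ == "__main__":
    for url, expected in SAMPLE_TARGETS.items():
        print(f"{url!r:24} naive={naive_is_local(url)!s:5} "
              f"strict={is_safe_local_redirect(url)!s:5} expected={expected}")
```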
     
Vulnerable Products
Vulnerable OS: GNU/Linux (Debian) - 7
Vulnerable Software: MantisBT (Mantis) - 1.3.0, 1.3.1, 1.3.10, 1.3.2, 1.3.3, ..., 1.3.9, 2.3.0, 2.3.1, 2.3.2, 2.4
     
Solution   Versions 2.4.1, 2.3.3, and 1.3.11 of MantisBT fix this vulnerability.
     
CVE   CVE-2017-7620
     
References
- MantisBT: MantisBT 2.4.1, 2.3.3, and 1.3.11 released
  http://www.mantisbt.org/blog/?p=525
- Debian Security Tracker: mantis
  https://security-tracker.debian.org/tracker/CVE-2017-7620
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm: Site with open redirect
Available Since: 4.0.0
     
Risk level: Moderate
Vulnerability First Public Report Date: 2017-05-20
Target Type: Client
Possible exploit: Remote