{"id":675,"date":"2020-12-30T13:00:28","date_gmt":"2020-12-30T13:00:28","guid":{"rendered":"http:\/\/mantisbt.org\/blog\/?p=675"},"modified":"2022-04-13T16:32:52","modified_gmt":"2022-04-13T16:32:52","slug":"mantisbt-2-24-4-released","status":"publish","type":"post","link":"https:\/\/mantisbt.org\/blog\/archives\/mantisbt\/675","title":{"rendered":"MantisBT 2.24.4 Released"},"content":{"rendered":"\n<p>In order to stay up to date with the latest MantisBT news, please star our <a href=\"https:\/\/github.com\/mantisbt\/mantisbt\" target=\"_blank\" rel=\"noreferrer noopener\">GitHub repository<\/a>, join our <a href=\"https:\/\/app.gitter.im\/#\/room\/#mantisbt_mantisbt:gitter.im\" target=\"_blank\" rel=\"noreferrer noopener\">Gitter channel<\/a>, or <a href=\"https:\/\/twitter.com\/mantisbt\" target=\"_blank\" rel=\"noreferrer noopener\">follow us on X<\/a> or <a href=\"https:\/\/phpc.social\/@mantisbt\">Mastodon<\/a> and retweet to spread the word!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">MantisBT 2.24.4<\/h2>\n\n\n\n<p>Security and maintenance release, addressing <strong>6 CVEs<\/strong>: an XSS issue, an SQL injection in the SOAP API and several information disclosure issues including a critical one allowing full access to private issues&#8217; contents. 
<strong>All installations are strongly advised to upgrade as soon as possible.<\/strong><\/p>\n\n\n\n<p>This release also includes a few PHP 8.0 compatibility fixes, including a major one causing an access denied error for all users when updating issues.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=20690\">0020690<\/a>: <strong>[bugtracker]<\/strong> inconsistent UI for view bugnote revision (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=26794\">0026794<\/a>: <strong>[security]<\/strong> User Account &#8211; Takeover (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27363\">0027363<\/a>: <strong>[security]<\/strong> Fixed in version can be changed to a version that doesn&#8217;t exist (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27350\">0027350<\/a>: <strong>[security]<\/strong> When updating an issue, a Viewer user can be set as Reporter (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27357\">0027357<\/a>: <strong>[security]<\/strong> Attacker can leak private information via different functionality (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27728\">0027728<\/a>: <strong>[security]<\/strong> CVE-2020-29604: Full disclosure of private issue contents, including bugnotes and attachments (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27727\">0027727<\/a>: <strong>[security]<\/strong> CVE-2020-29605: Disclosure of private issue summary (<a 
href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27726\">0027726<\/a>: <strong>[security]<\/strong> CVE-2020-29603: Disclosure of private project name (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27361\">0027361<\/a>: <strong>[security]<\/strong> Private category can be accessed\/used by a non-member of a private project (IDOR) (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27370\">0027370<\/a>: <strong>[security]<\/strong> CVE-2020-35849: Revisions allow viewing private bugnotes id and summary (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27495\">0027495<\/a>: <strong>[security]<\/strong> CVE-2020-28413: SQL injection in the parameter &#8220;access&#8221; on the mc_project_get_users function through the SOAP API. 
(<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27704\">0027704<\/a>: <strong>[javascript]<\/strong> Javascript error in View Issues page (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27779\">0027779<\/a>: <strong>[security]<\/strong> CVE-2020-35571: XSS in helper_ensure_confirmed() calls (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27464\">0027464<\/a>: <strong>[printing]<\/strong> print_manage_user_sort_link Function Parameter Required after Optional (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=11111\">atrol<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27465\">0027465<\/a>: <strong>[code cleanup]<\/strong> Declaring a required parameter after an optional one is deprecated in PHP 8 (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=11111\">atrol<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27799\">0027799<\/a>: <strong>[bugtracker]<\/strong> Adapt Error handler to PHP 8 (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27806\">0027806<\/a>: <strong>[bugtracker]<\/strong> Impossible to edit issues with PHP8 (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=17784\">dregad<\/a>)<\/li><li><a href=\"https:\/\/mantisbt.org\/bugs\/view.php?id=27444\">0027444<\/a>: <strong>[security]<\/strong> Printing unsanitized user input in install.php (<a href=\"https:\/\/mantisbt.org\/bugs\/view_user_page.php?id=11111\">atrol<\/a>)<\/li><\/ul>\n\n\n\n<p>Many thanks to randomdhiraj, ethicalhcop and <a rel=\"noreferrer noopener\" href=\"https:\/\/gitlab.com\/jrckmcsb\" target=\"_blank\">d3vpoo1<\/a>, for identifying and 
responsibly reporting these security issues.<\/p>\n\n\n\n<p>Go ahead and&nbsp;<a href=\"https:\/\/mantisbt.org\/download.php\">download<\/a>&nbsp;the release from our website.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>MantisBT 2.24.4 Security and maintenance release, addressing 6 CVEs: an XSS issue, an SQL injection in the SOAP API and several information disclosure issues including a critical one allowing full access to private issues&#8217; contents. All installations are strongly advised to upgrade as soon as possible. This release also includes a few PHP 8.0 compatibility &hellip; <a href=\"https:\/\/mantisbt.org\/blog\/archives\/mantisbt\/675\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;MantisBT 2.24.4 Released&#8221;<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,11],"class_list":["post-675","post","type-post","status-publish","format-standard","hentry","category-mantisbt","tag-release","tag-security"],"_links":{"self":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/675","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/comments?post=675"}],"version-history":[{"count":2,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/675\/revisions"}],"predecessor-version":[{"id":677,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/posts\/675\/revisions\/677"}],"wp:attachment":[{"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/media?parent=675"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href
":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/categories?post=675"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mantisbt.org\/blog\/wp-json\/wp\/v2\/tags?post=675"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}