View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0023921 | mantisbt | security | public | 2018-02-01 22:15 | 2018-03-29 11:15 |
| Reporter | foolandtom | Assigned To | dregad | ||
| Priority | low | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 2.11.0 | ||||
| Summary | 0023921: CVE-2018-6526: view_all_bug_page Leak path | ||||
| Description | filter Parameter receiving values can cause site path leakage url:https://mantisbt.org/bugs/view_all_bug_page.php?filter=1 file:view_all_bug_page.php | ||||
| Steps To Reproduce | Leakage content: APPLICATION ERROR Argument 1 passed to filter_ensure_valid_filter() must be of the type array, string given, called in /srv/www/bugs/core/current_user_api.php on line 252 url:https://mantisbt.org/bugs/view_all_bug_page.php?filter=1 Leaked path :/srv/www/bugs/core/current_user_api.php | ||||
| Additional Information | The test site is: https://mantisbt.org/bugs/view_all_bug_page.php?filter=1 Direct copy of the address after logging in | ||||
| Tags | No tags attached. | ||||
| Attached Files | |||||
|
Removed Seems to be caused by changing the error handler when introducing exceptions. |
|
|
yes |
|
|
I'll push a fix shortly. |
|
|
Removed fixed in version and target version so it doesn't show in changelog since this is a fix for a bug that wasn't released. |
|
|
Looks like someone requested a CVE for this: https://nvd.nist.gov/vuln/detail/CVE-2018-6526 Unfortunately, they provided incorrect version information to the CNA, so the CVE is listed as affecting <= 2.10.0 which is incorrect. |
|
|
MantisBT: master de686a9e 2018-02-02 01:14 Details Diff |
Fix PHP error - wrong argument type Initialize $t_filter variable as array() instead of '' in current_user_get_bug_filter(), to ensure its type is correct when calling filter_ensure_valid_filter(). Fixes 0023921 |
Affected Issues 0023921 |
|
| mod - core/current_user_api.php | Diff File | ||