View Issue Details

IDProjectCategoryView StatusLast Update
0024647mantisbtsecuritypublic2018-09-04 02:34
ReporteratrolAssigned Toatrol 
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product Version 
Target Version2.16.1Fixed in Version2.16.1 
Summary0024647: CVE-2018-14895: XSS in bug_actiongroup.php
Description

Issue summary is printed on bug_actiongroup.php without being sanitized.
This happens if the issue is displayed in the list of ID's where the action failed due to various reasons (e.g. missing access rights, unallowed status changes, ...)

Fix needs to be backported to 1.3.

TagsNo tags attached.

Relationships

has duplicate 0024648 closedatrol CVE-2018-14895: XSS in bug_actiongroup.php 

Activities

atrol

atrol

2018-08-02 17:48

developer  

xss-bugactiongroup.patch (1,025 bytes)
From f2324f7f307b99bf32ec0fcb4670f27971613264 Mon Sep 17 00:00:00 2001
From: Roland Becker <roland@atrol.de>
Date: Thu, 2 Aug 2018 23:44:15 +0200
Subject: [PATCH] Fix XSS in bug_actiongroup.php

Fixes #24647
---
 bug_actiongroup.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bug_actiongroup.php b/bug_actiongroup.php
index 37cc98179..0b5788e9c 100644
--- a/bug_actiongroup.php
+++ b/bug_actiongroup.php
@@ -353,7 +353,8 @@ if( count( $t_failed_ids ) > 0 ) {
 	$separator = lang_get( 'word_separator' );
 	foreach( $t_failed_ids as $t_id => $t_reason ) {
 		$label = sprintf( lang_get( 'label' ), string_get_bug_view_link( $t_id ) ) . $separator;
-		printf( "<tr><td width=\"50%%\">%s%s</td><td>%s</td></tr>\n", $label, bug_get_field( $t_id, 'summary' ), $t_reason );
+		$t_summary = string_display_line( bug_get_field( $t_id, 'summary' ) );
+		printf( "<tr><td width=\"50%%\">%s%s</td><td>%s</td></tr>\n", $label, $t_summary, $t_reason );
 	}
 	echo '</div>';
 	echo '</table><br />';
-- 
2.18.0

xss-bugactiongroup.patch (1,025 bytes)
dregad

dregad

2018-08-03 03:58

developer   ~0060352

Vulnerability was introduced in MantisBT master 60260a18 (Release 1.1.0a4)

dregad

dregad

2018-08-03 04:18

developer   ~0060353

CVE Request 548039 sent

dregad

dregad

2018-08-06 08:36

developer   ~0060361

CVE-2018-14895 assigned

Related Changesets

MantisBT: master-2.16 e8197359

2018-08-02 17:44:15

atrol


Committer: dregad Details Diff
Fix XSS in bug_actiongroup.php

Issue summary was printed on bug_actiongroup.php without being
sanitized (CVE-2018-14895).

Fixes 0024647
Affected Issues
0024647
mod - bug_actiongroup.php Diff File

Issue History

Date Modified Username Field Change
2018-08-02 17:45 atrol New Issue
2018-08-02 17:48 atrol File Added: xss-bugactiongroup.patch
2018-08-02 18:10 atrol Issue cloned: 0024648
2018-08-02 18:10 atrol Relationship added has duplicate 0024648
2018-08-03 03:58 dregad Status new => confirmed
2018-08-03 03:58 dregad Note Added: 0060352
2018-08-03 04:18 dregad Note Added: 0060353
2018-08-06 08:36 dregad Summary XSS in bug_actiongroup.php => CVE-2018-14895: XSS in bug_actiongroup.php
2018-08-06 08:36 dregad Note Added: 0060361
2018-08-06 08:56 dregad Changeset attached => MantisBT master-2.16 e8197359
2018-08-06 08:56 atrol Assigned To => atrol
2018-08-06 08:56 atrol Status confirmed => resolved
2018-08-06 08:56 atrol Resolution open => fixed
2018-08-06 08:56 atrol Fixed in Version => 2.16.1
2018-09-04 01:23 vboctor Status resolved => closed
2018-09-04 02:34 atrol View Status private => public