View Issue Details

ID: 0026160
Project: mantisbt
Category: security
View Status: public
Last Update: 2019-09-27 02:35
Reporter: hanno
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 2.22.0
Target Version: 2.22.1
Fixed in Version: 2.22.1
Summary: 0026160: Update bundled Bootstrap to 3.4.1 (CVE-2019-8331)
Description

Bootstrap 3.4.1 fixes an XSS issue (CVE-2019-8331).
I have not analyzed if this is actually exploitable within mantis, but I think in any case it'd be good to sync to the latest version.

Release notes from Bootstrap:
https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/

Tags: No tags attached.

Relationships

related to 0024672 (closed, atrol): Fix Bootstrap security issues (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042)

Activities

dregad

2019-09-20 10:25

developer   ~0062866

Thanks for the heads up. Will take care of it.

dregad

2019-09-20 11:11

developer   ~0062867

PR https://github.com/mantisbt/mantisbt/pull/1566

dregad

2019-09-27 02:35

developer   ~0062921

Related Changesets

MantisBT: master 1e2a3018

2019-09-20 11:00:03

dregad

Update Bootstrap to 3.4.1

Original css files were modified to remove the # on the source map file.
This prevents warnings in the browser console.

Fixes 0026160, CVE-2019-8331
Affected Issues
0026160
mod - core/constant_inc.php
rm - js/bootstrap-3.4.0.min.js
add - js/bootstrap-3.4.1.min.js

Issue History

Date Modified | Username | Field | Change
2019-09-19 17:15 | hanno | New Issue |
2019-09-20 10:25 | dregad | Assigned To | => dregad
2019-09-20 10:25 | dregad | Status | new => assigned
2019-09-20 10:25 | dregad | Target Version | => 2.22.1
2019-09-20 10:25 | dregad | Note Added: 0062866 |
2019-09-20 10:26 | dregad | Relationship added | related to 0024672
2019-09-20 11:11 | dregad | Note Added: 0062867 |
2019-09-22 04:22 | dregad | Changeset attached | => MantisBT master 1e2a3018
2019-09-22 04:22 | dregad | Status | assigned => resolved
2019-09-22 04:22 | dregad | Resolution | open => fixed
2019-09-22 04:22 | dregad | Fixed in Version | => 2.23.0
2019-09-22 04:58 | atrol | Fixed in Version | 2.23.0 => 2.22.1
2019-09-27 02:35 | dregad | Note Added: 0062921 |
2019-09-27 02:35 | dregad | Status | resolved => closed