CVE-2024-34081

May 14, 2024, 4:12 p.m.

6.6
Medium

Description

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (`bug_change_status_page.php`) belonging to a project linking said custom field, viewing issues (`view_all_bug_page.php`) when the custom field is displayed as a column, or printing issues (`print_all_bug_page.php`) when the custom field is displayed as a column. Version 2.26.2 contains a patch for the issue. As a workaround, ensure Custom Field Names do not contain HTML tags.

Product(s) Impacted

Product Versions
MantisBT
  • 2.26.2

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://github.com/mantisbt/mantisbt/commit/447a521aae0f82f791b8116a14a20e276df739be
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-wgx7-jp56-65mq
https://mantisbt.org/bugs/view.php?id=34432

Tags

security-advisories@github.com
CWE-79
2024-05-14
CVE-2024-34081

CVSS Score

6.6 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: CHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: LOW

    • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

    View Vector String

Timeline

Published: May 14, 2024, 3:38 p.m.
Last Modified: May 14, 2024, 4:12 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

security-advisories@github.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.