fkie_nvd - fkie_cve-2017-7620

fkie_cve-2017-7620

Vulnerability from fkie_nvd

Published

2017-05-21 14:29

Modified

2024-11-21 03:32

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.

References

URL	Tags
cve@mitre.org	http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt	Exploit, Third Party Advisory
cve@mitre.org	http://www.securitytracker.com/id/1038538
cve@mitre.org	https://mantisbt.org/bugs/view.php?id=22702	Issue Tracking
cve@mitre.org	https://mantisbt.org/bugs/view.php?id=22816	Issue Tracking
cve@mitre.org	https://www.exploit-db.com/exploits/42043/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038538
af854a3a-2127-422b-91ae-364da2661108	https://mantisbt.org/bugs/view.php?id=22702	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://mantisbt.org/bugs/view.php?id=22816	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/42043/	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
mantisbt	mantisbt	*
mantisbt	mantisbt	2.0.0
mantisbt	mantisbt	2.0.1
mantisbt	mantisbt	2.1.0
mantisbt	mantisbt	2.1.1
mantisbt	mantisbt	2.1.2
mantisbt	mantisbt	2.2.0
mantisbt	mantisbt	2.2.2
mantisbt	mantisbt	2.2.3
mantisbt	mantisbt	2.2.4
mantisbt	mantisbt	2.4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A45AF0-9B5E-4445-BF5F-7FDE0DECB951",
              "versionEndIncluding": "1.3.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B537D8BB-944B-4B92-B48D-0CA5A2D01372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "39492D12-1A13-43CE-84A7-F5CCFB87D612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E6AF670-28C3-4D7E-9EB4-E0B366CE818E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "021CC8F4-B310-4DBF-9D50-B8A357158E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D73E7205-12E1-4C57-A120-91C4C0760305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2550F1FD-5104-4BAA-80F6-C6202D7326B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F89D994-7F93-4839-8A57-F4CD633576E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2154CE53-2DED-4023-96D5-515468E226B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF4779C-8E14-4CB1-BCB4-80F4C5020629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9258FCA1-6948-4DFE-BE50-5A39B5A64120",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \\/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI."
    },
    {
      "lang": "es",
      "value": "MantisBT antes de v1.3.11, 2.x antes de v2.3.3 y 2.4.x antes de v2.4.1 omite una verificaci\u00f3n de barra invertida en string_api.php y, en consecuencia, tiene interpretaciones conflictivas de una subcadena inicial \\/ como introducci\u00f3n de una ruta de acceso local o un host remoto, que conduce a (1) una inyecci\u00f3n arbitraria de HTTP a trav\u00e9s de ataques CSRF en un URI permalink_page.php?url= y (2) una redirecci\u00f3n abierta a trav\u00e9s de un URI login_page.php?return=."
    }
  ],
  "id": "CVE-2017-7620",
  "lastModified": "2024-11-21T03:32:18.357",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-21T14:29:00.180",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1038538"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://mantisbt.org/bugs/view.php?id=22702"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://mantisbt.org/bugs/view.php?id=22816"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.exploit-db.com/exploits/42043/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://mantisbt.org/bugs/view.php?id=22702"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://mantisbt.org/bugs/view.php?id=22816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.exploit-db.com/exploits/42043/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2017-7620

Vulnerability from cvelistv5

Published

2017-05-21 14:00

Modified

2024-08-05 16:12