View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0023186 | mantisbt | security | public | 2017-08-04 19:26 | 2017-09-03 18:41 |
| Reporter | dregad | Assigned To | dregad | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Target Version | 1.3.12 | Fixed in Version | 1.3.12 | ||
| Summary | 0023186: Improve doc and notifications when admin dir is present (CVE-2017-12419) | ||||
| Description | This is just to track the stopgap measures taken to mitigate the risk of an attack as described in 0023173 Clone of 0023185 to track the fix in 1.3.x roadmap/changelog | ||||
| Tags | No tags attached. | ||||
|
MantisBT: master-1.3.x 21a15b88 2017-08-03 12:54 Details Diff |
Restore "admin dir" warning on login page Commit 9da643a6f6c1b7604598968baa3cd2f6fd4540ff modified the admin checks on login page to remove the logic checking for pre 1.0 upgrade steps. However, it also (probably unintentionally) removed the check for admin directory presence, so administrators are no longer reminded that they should delete this directory, potentially leaving them exposed to security breaches. This commit restores the warning, and improves the error message. Fixes 0023179 Stopgap measure for issue 0023173 Backported from master-2.5 branch d6d7dc2dc7473637c8ac17a78c0374f16981f409 |
Affected Issues 0023173, 0023179, 0023186 |
|
| mod - lang/strings_english.txt | Diff File | ||
| mod - login_page.php | Diff File | ||
|
MantisBT: master-1.3.x 10211c90 2017-08-04 13:45 Details Diff |
Improve admin information about CVE-2017-12419 - Add admin check for mysqli.allow_local_infile - Add reminder to remove admin dir at end of Admin checks - Improve post-install tasks section of Admin Guide: add explicit warning about potential consequences of not deleting the admin directory, more descriptive wording. Stopgap measures for issue 0023173 Backported from master-2.5 branch 3a7c6f75bf3c4bc0856ebffe388df9e46ac10e5d Conflicts: admin/check/index.php |
Affected Issues 0023173, 0023186 |
|
| mod - admin/check/check_database_inc.php | Diff File | ||
| mod - admin/check/index.php | Diff File | ||
| mod - docbook/Admin_Guide/en-US/Installation.xml | Diff File | ||
