View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0024672 | mantisbt | security | public | 2018-08-16 08:53 | 2019-09-20 10:26 |
Reporter | Kyle_Katarn | Assigned To | atrol | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 2.16.0 | ||||
Target Version | 2.20.0 | Fixed in Version | 2.20.0 | ||
Summary | 0024672: Fix Bootstrap security issues (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042) | ||||
Description | Mantis is depending on Bootstrap 3.3.6 which has some vulnerabilities (3 medium according to Netsparker). Consider updating to a more recent version. | ||||
Tags | No tags attached. | ||||
Thanks for the heads up, we'll look into it. EDIT: After a quick look at changes from 3 to 4, and considering our use of the ACE admin template, this is no small undertaking... don't hold your breath ;-)

Using 3.4.0 might be an option

Assuming they ever release it...

Would you please edit my issue's title in order to change it to "Fix CVE-2018-14040, CVE-2018-14041, CVE-2018-14042"? (which is more relevant)

Thanks !!

@atrol should this be applied to 2.19.1?

@vboctor this is a security issue, but I did not investigate if there is a way to use the leak in MantisBT. So the answer is: Maybe ;-)
|
MantisBT: master fd56979f 2018-12-30 10:40
Update Bootstrap to 3.4.0 Fixes 0024672
Affected Issues 0024672

mod - core/constant_inc.php
rm - css/bootstrap-3.3.6.css
rm - css/bootstrap-3.3.6.min.css
add - css/bootstrap-3.4.0.css
add - css/bootstrap-3.4.0.min.css
rm - js/bootstrap-3.3.6.min.js
add - js/bootstrap-3.4.0.js
add - js/bootstrap-3.4.0.min.js