Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200510-24] Mantis: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Mantis: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200510-24
(Mantis: Multiple vulnerabilities)
Mantis contains several vulnerabilities, including:
a remote file inclusion vulnerability
an SQL injection vulnerability
multiple cross-site scripting vulnerabilities
multiple information disclosure vulnerabilities
Impact
An attacker could exploit the remote file inclusion vulnerability
to execute arbitrary script code, and the SQL injection vulnerability
to access or modify sensitive information from the Mantis database.
Furthermore, the cross-site scripting issues give an attacker the
ability to inject and execute malicious script code or to steal
cookie-based authentication credentials, potentially compromising the
victim's browser. An attacker could exploit the other vulnerabilities to
disclose information.
Workaround
There is no known workaround at this time.
References:
http://www.mantisbt.org/changelog.php
Solution:
All Mantis users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mantisbt-0.19.3"
Threat Level: High