CVE-2023-49802

The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked via the plugin and displayed when reporting a new Issue or editing an existing one. This issue is fixed in version 2.0.1. As a workaround, one may utilize MantisBT's default Content Security Policy, which blocks script execution.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/mantisbt-plugins/LinkedCustomFields/commit/30e5ae751e40d7ae18bfd794fd48671477b3d286	Patch
https://github.com/mantisbt-plugins/LinkedCustomFields/issues/10	Issue Tracking Patch
https://github.com/mantisbt-plugins/LinkedCustomFields/pull/11	Issue Tracking
https://github.com/mantisbt-plugins/LinkedCustomFields/security/advisories/GHSA-2f37-9xpx-5hhw	Vendor Advisory
https://github.com/mantisbt-plugins/LinkedCustomFields/commit/30e5ae751e40d7ae18bfd794fd48671477b3d286	Patch
https://github.com/mantisbt-plugins/LinkedCustomFields/issues/10	Issue Tracking Patch
https://github.com/mantisbt-plugins/LinkedCustomFields/pull/11	Issue Tracking
https://github.com/mantisbt-plugins/LinkedCustomFields/security/advisories/GHSA-2f37-9xpx-5hhw	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mantisbt:linked_custom_fields:*:*:*:*:*:mantisbt:*:*

History

No history.

Information

Published : 2023-12-11 22:15

Updated : 2024-11-21 08:33

NVD link : CVE-2023-49802

Mitre link : CVE-2023-49802

CVE.ORG link : CVE-2023-49802

JSON object : View

Products Affected

mantisbt

linked_custom_fields

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-49802", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2023-12-11T22:15:06.730", "references": [{"url": "https://github.com/mantisbt-plugins/LinkedCustomFields/commit/30e5ae751e40d7ae18bfd794fd48671477b3d286", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/mantisbt-plugins/LinkedCustomFields/issues/10", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/mantisbt-plugins/LinkedCustomFields/pull/11", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/mantisbt-plugins/LinkedCustomFields/security/advisories/GHSA-2f37-9xpx-5hhw", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/mantisbt-plugins/LinkedCustomFields/commit/30e5ae751e40d7ae18bfd794fd48671477b3d286", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/mantisbt-plugins/LinkedCustomFields/issues/10", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/mantisbt-plugins/LinkedCustomFields/pull/11", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/mantisbt-plugins/LinkedCustomFields/security/advisories/GHSA-2f37-9xpx-5hhw", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows Javascript execution, when a crafted Custom Field is linked via the plugin and displayed when reporting a new Issue or editing an existing one. This issue is fixed in version 2.0.1. As a workaround, one may utilize MantisBT's default Content Security Policy, which blocks script execution."}, {"lang": "es", "value": "El complemento LinkedCustomFields para MantisBT permite a los usuarios vincular valores entre dos campos personalizados, creando men\u00fas desplegables vinculados. Antes de la versi\u00f3n 2.0.1, cross-site scripting en el complemento MantisBT LinkedCustomFields permit\u00edan la ejecuci\u00f3n de Javascript, cuando un campo personalizado manipulado se vincula a trav\u00e9s del complemento y se muestra al informar un nuevo problema o editar uno existente. Este problema se solucion\u00f3 en la versi\u00f3n 2.0.1. Como workaround, se puede utilizar la Pol\u00edtica de Seguridad de Contenido predeterminada de MantisBT, que bloquea la ejecuci\u00f3n del script."}], "lastModified": "2024-11-21T08:33:52.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mantisbt:linked_custom_fields:*:*:*:*:*:mantisbt:*:*", "vulnerable": true, "matchCriteriaId": "0A8DBAA5-48FF-4744-A583-D7CA7A1DAFF1", "versionEndExcluding": "2.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}