Input Validation Vulnerability in MantisBT by MantisBT Team
CVE-2020-35571

6.1MEDIUM

Key Information:

Vendor: Mantisbt
Status: Mantisbt
Vendor: CVE Published:; 22 February 2021

What is CVE-2020-35571?

An input validation vulnerability exists in MantisBT affecting versions up to 2.24.3. This vulnerability arises in the helper_ensure_confirmed function within manage_custom_field_update.php, where the custom field name is not properly sanitized. As a result, this oversight could lead to various security risks, especially influenced by Content Security Policy (CSP) settings. Proper sanitization measures are crucial for preventing potential exploitation and ensuring data integrity.

References

https://mantisbt.org/bugs/view.php?id=27768

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2021
Vulnerability Reserved
Dec 20, 2020

Mantisbt

What is CVE-2020-35571?

References

CVSS V3.1

Timeline