CVE-2017-7620

Name of the Vulnerable Software and Affected Versions MantisBT versions prior to 1.3.11 MantisBT versions 2.x prior to 2.3.3 MantisBT versions 2.4.x prior to 2.4.1

Description The issue arises from the omission of a backslash check in string api.php, leading to conflicting interpretations of an initial / substring as either introducing a local pathname or a remote hostname. This results in two main problems: (1) arbitrary Permalink Injection via CSRF attacks on a "permalink page.php?url=" URI, and (2) an open redirect via a "login page.php?return=" URI.

Recommendations For MantisBT versions prior to 1.3.11, update to version 1.3.11 or later. For MantisBT versions 2.x prior to 2.3.3, update to version 2.3.3 or later. For MantisBT versions 2.4.x prior to 2.4.1, update to version 2.4.1 or later.