Mantis Unauthorized Project Bug List Viewing Vulnerability

Release date: 2002-08-28
Update date: 2002-08-28
Severity: Low
Threat type: Other
Error type: Access validation error
Exploitation method: Server mode
BUGTRAQ ID: 5514

Affected systems
Mantis Mantis 0.15.3
(The upgrade list below also covers 0.15.4 through 0.17.3.)

Detailed description
Mantis is a web-based bug tracking program. It contains a flaw that lets an authenticated user of the bug tracker view a project they have not been granted access to.

Mantis does not adequately restrict which projects a user may access. It decides which project to show from the user's cookie: the bug list page (view_all_bug_page.php) builds its query directly from the project_id stored in the cookie, without checking whether the current user is assigned to that project. A user who edits the project_id value in their own cookie can therefore retrieve the bug list of a project they were never assigned to. The impact is limited to viewing that project's bug list.

Test code
None

Solution
Add the following function to the core_user_API.php script:

    # Check to see if the current user has access on the specified project
    function check_access_to_project( $p_project_id ) {
        $t_project_view_state = get_project_field( $p_project_id, 'view_state' );

        # Administrators ALWAYS pass.
        if ( get_current_user_field( 'access_level' ) >= ADMINISTRATOR ) {
            return;
        }

        # public project accept all users
        if ( PUBLIC == $t_project_view_state ) {
            return;
        } else {
            # private projects require users to be assigned
            $t_project_access_level = get_project_access_level( $p_project_id );

            # -1 means not assigned, kick them out to the project selection screen
            if ( -1 == $t_project_access_level ) {
                print_header_redirect( 'login_select_proj_page.php' );
            } else {
                # passed
                return;
            }
        }
    }

In the view_all_bug_page.php script, replace the following code:

            $t_where_clause .= ')';
        }
    } else {
        $t_where_clause = " WHERE project_id='$g_project_cookie_val'";
    }
    # end project selection

with:

            $t_where_clause .= ')';
        }
    } else {
        check_access_to_project($g_project_cookie_val);
        $t_where_clause = " WHERE project_id='$g_project_cookie_val'";
    }
    # end project selection

Note that check_access_to_project() runs before the WHERE clause is assembled, so an unassigned user is redirected before any bug data is queried. This relies on print_header_redirect() ending the script after it sends the Location header; if it only sent the header and returned, execution would continue into the query and the restricted bug list would still be returned.

Upgrade download:
All affected versions (Mantis 0.15.3, 0.15.4, 0.15.5, 0.15.6, 0.15.7, 0.15.8, 0.15.9, 0.15.10, 0.15.11, 0.15.12, 0.16.0, 0.16.1, 0.17.0, 0.17.1, 0.17.2, 0.17.3): upgrade to Mantis 0.17.4a
http://sourceforge.net/project/showfiles.php?group_id=14963
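The following is an added example, not code from the Mantis project or from the advisory. It models the view_all_bug_page.php flow described above in Python: a request carries a project_id cookie, the vulnerable handler builds its bug list straight from that value, and the fixed handler first applies the same decision order as check_access_to_project() (administrators pass, public projects pass, private projects require an assignment, anything else is redirected to the project selection page). The users, projects, numeric access levels and the AccessDenied stand-in for print_header_redirect() are all constructed for the example and are not Mantis's real values; the handling of an unknown project id is also an addition, not part of the advisory's fix.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed stand-ins for the Mantis constants used by check_access_to_project().
# The numeric values are assumptions for this example, not Mantis's real ones.
PUBLIC = "public"
PRIVATE = "private"
ADMINISTRATOR = 90
NOT_ASSIGNED = -1  # the advisory's "-1 means not assigned"


@dataclass
class Project:
    id: int
    name: str
    view_state: str
    bugs: list[str]
    # user id -> access level granted on this project; absent means not assigned
    assigned: dict[int, int] = field(default_factory=dict)


@dataclass
class User:
    id: int
    name: str
    access_level: int  # global level, as get_current_user_field('access_level') returns


# Constructed sample data: one public project, one private project.
PROJECTS: dict[int, Project] = {
    1: Project(1, "website", PUBLIC, ["#101 typo on front page"]),
    2: Project(2, "internal", PRIVATE, ["#201 auth bypass in billing"], assigned={2: 25}),
}
USERS: dict[int, User] = {
    1: User(1, "alice", 10),            # reporter, assigned to no private project
    2: User(2, "bob", 25),              # developer assigned to project 2
    3: User(3, "root", ADMINISTRATOR),  # administrator
}


class AccessDenied(Exception):
    """Models print_header_redirect('login_select_proj_page.php') followed by exit."""


def get_project_access_level(user: User, project: Project) -> int:
    """Per-project access level, or NOT_ASSIGNED (-1) when the user is not on the project."""
    return project.assigned.get(user.id, NOT_ASSIGNED)


def check_access_to_project(user: User, project_id: int) -> None:
    """Same decision order as the advisory's PHP function, raising instead of redirecting."""
    project = PROJECTS.get(project_id)
    if project is None:
        # Addition for this example: an unknown id is treated like no access.
        raise AccessDenied("login_select_proj_page.php")
    if user.access_level >= ADMINISTRATOR:
        return  # administrators ALWAYS pass
    if project.view_state == PUBLIC:
        return  # public projects accept all users
    if get_project_access_level(user, project) == NOT_ASSIGNED:
        raise AccessDenied("login_select_proj_page.php")


def view_all_bugs_vulnerable(user: User, cookies: dict[str, str]) -> list[str]:
    """Pre-fix behaviour: the project id comes straight from the client's cookie."""
    project_id = int(cookies["project_id"])
    return list(PROJECTS[project_id].bugs)


def view_all_bugs_fixed(user: User, cookies: dict[str, str]) -> list[str]:
    """Post-fix behaviour: authorise before the query is built."""
    project_id = int(cookies["project_id"])  # cast first so only an integer reaches the query
    check_access_to_project(user, project_id)
    return list(PROJECTS[project_id].bugs)


def is_denied(handler, user: User, cookies: dict[str, str]) -> bool:
    """True if the handler redirects the user away instead of returning bugs."""
    try:
        handler(user, cookies)
    except AccessDenied:
        return True
    return False


if __name__ == "__main__":
    # alice's legitimate cookie points at the public project; she edits it to 2.
    tampered = {"project_id": "2"}
    print("vulnerable, alice:", view_all_bugs_vulnerable(USERS[1], tampered))
    print("fixed, alice denied:", is_denied(view_all_bugs_fixed, USERS[1], tampered))
    print("fixed, bob:", view_all_bugs_fixed(USERS[2], tampered))
    print("fixed, root:", view_all_bugs_fixed(USERS[3], tampered))
```

Running the block shows the vulnerable handler returning the private project's bug list to alice, who is assigned to nothing, while the fixed handler denies her, still serves bob (assigned) and root (administrator), and still serves the public project to everyone. The point to carry into any similar code is that the authorisation check keys on the server-side user identity and the server-side project state, never on the client-supplied cookie alone.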