Discover the impact of CVE-2020-35571, a vulnerability in MantisBT through 2.24.3 due to unsanitized custom field names, potentially bypassing CSP settings and leading to security risks. Learn how to mitigate and prevent exploitation.
An issue was discovered in MantisBT through 2.24.3 where the custom field name is not sanitized in the helper_ensure_confirmed call in manage_custom_field_update.php, potentially causing problems depending on CSP settings.
Understanding CVE-2020-35571
This CVE entry identifies a vulnerability in MantisBT that could lead to security issues due to unsanitized custom field names.
What is CVE-2020-35571?
The vulnerability in MantisBT through version 2.24.3 arises because custom field names are not sanitized in a specific function call. The resulting risk depends on the site's Content Security Policy (CSP) configuration.
The Impact of CVE-2020-35571
Depending on how CSP is configured, the unfiltered custom field name could potentially get past the security measures the policy defines, opening avenues for security breaches and unauthorized access.
Technical Details of CVE-2020-35571
This section delves into the specifics of the vulnerability.
Vulnerability Description
The issue lies in the helper_ensure_confirmed call in manage_custom_field_update.php, where the custom field name is not properly sanitized, leaving room for exploitation.
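The pattern described above, shown as an added example that is not MantisBT's own code: confirm_page() and esc() are hypothetical stand-ins for a confirmation helper and an output-escaping function, and the field name and message template are constructed samples.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a confirmation-page helper. Like many such
// helpers, it treats $message as HTML and writes it into the page verbatim,
// so any escaping of stored data has to happen in the caller.
function confirm_page(string $message, string $button): string
{
    return "<div class=\"confirm\">\n  <p>{$message}</p>\n"
         . '  <input type="submit" value="'
         . htmlspecialchars($button, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
         . "\">\n</div>\n";
}

// Escape a stored value for use in HTML text or a quoted attribute.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: a custom field name as it might sit in the database.
$field_name = 'Severity<script>/* constructed marker */</script>';
// Constructed message template (an assumption, not the project's string).
$template   = 'Really update custom field "%s"?';

// Before: the stored name reaches the helper unescaped, so its markup
// becomes part of the page. Whether it then has any effect depends on CSP.
$unsafe = confirm_page(sprintf($template, $field_name), 'Update');

// After: the caller escapes the name before building the message.
$safe = confirm_page(sprintf($template, esc($field_name)), 'Update');

echo "--- unescaped ---\n{$unsafe}\n--- escaped ---\n{$safe}";

// Self-check: the escaped page must not contain a tag opened by the name.
if (strpos($safe, '<script') !== false || strpos($unsafe, '<script') === false) {
    fwrite(STDERR, "unexpected rendering\n");
    exit(1);
}
```

The escaped output renders the name as literal text (`&lt;script&gt;...`), so the page is safe regardless of how permissive the CSP is.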
Affected Systems and Versions
Exploitation Mechanism
Attackers could exploit this vulnerability by manipulating custom field names to evade CSP restrictions and potentially execute malicious actions.
Mitigation and Prevention
Protecting systems from CVE-2020-35571 requires immediate actions and long-term security practices.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Ensure that the MantisBT software is updated to a version that addresses the vulnerability to prevent exploitation.