Free Trial

An access control issue in MantisBT before 1.2.13

Overview :
An access control issue in MantisBT before 1.2.13 allows users with “Reporter” permissions to change any issue to “New”.
Affected Product(s) :
  • MantisBT 1.2.12
Vulnerability Details :
CVE ID : CVE-2013-1811
Damien Regad (MantisBT developer) discovered and fixed[1] an access control/permissions bug in MantisBT that exists in MantisBT version 1.2.12 and prior.
A MantisBT user with “Reporter” permissions (enabling them to report/create new issues) can modify the workflow status of any issue to
“New” even if they do not have the necessary permission to make this change.

Details of the bug, including steps to reproduce and patches are available at [1].
References:
>> [1] http://www.mantisbt.org/bugs/view.php?id=15258

Solution :

Update to MantisBT version 1.2.13.

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-48889 : FORTINET FORTIMANAGER UP TO 6.4.14/7.0.12/7.2.7/7.4.4/7.6.0 FGFM REQUEST OS COMMAND INJECTION

CVE-2024-48889 : FORTINET FORTIMANAGER UP TO 6.4.14/7.0.12/7.2.7/7.4.4/7.6.0 FGFM REQUEST OS COMMAND INJECTION

Description An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiManager version

Learn more
CVE-2023-34990 : FORTINET FORTIWLM UP TO 8.5.4/8.6.5 WEB REQUEST PATH TRAVERSAL

CVE-2023-34990 : FORTINET FORTIWLM UP TO 8.5.4/8.6.5 WEB REQUEST PATH TRAVERSAL

Description A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute

Learn more
CVE-2024-47104 : IBM I 7.4/7.5 PHYSICAL FILE SECURITY ATTRIBUTES PERMISSION ASSIGNMENT

CVE-2024-47104 : IBM I 7.4/7.5 PHYSICAL FILE SECURITY ATTRIBUTES PERMISSION ASSIGNMENT

Description IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A

Learn more