An access control issue in MantisBT before 1.2.13 allows users with “Reporter” permissions to change any issue to “New”.
Affected Product(s) :
Vulnerability Details :
CVE ID :
Damien Regad (MantisBT developer) discovered and fixed an access control/permissions bug in MantisBT that exists in MantisBT version 1.2.12 and prior.
A MantisBT user with “Reporter” permissions (enabling them to report/create new issues) can modify the workflow status of any issue to
“New” even if they do not have the necessary permission to make this change.