Launchpad CVE tracker

CVE 2012-2691

The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request.

Related bugs and status

CVE-2012-2691 (Candidate) is related to these bugs:

Bug #1011823: mantisbt : multiple vulnerabilities

		In	Importance	Status
1011823	mantisbt : multiple vulnerabilities	mantis (Ubuntu)	Undecided	Triaged
1011823	mantisbt : multiple vulnerabilities	Gentoo Linux	Low	Fix Released
1011823	mantisbt : multiple vulnerabilities	Fedora	Low	Fix Released
1011823	mantisbt : multiple vulnerabilities	mantis (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://www.securityfoc...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://security.gentoo...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://www.mantisbt.or...
MISC: http://www.mantisbt.or...
MISC: https://github.com/man...
MISC: https://github.com/man...
MISC: https://exchange.xforc...

Launchpad.net

CVE 2012-2691

Related bugs and status

Related bugs

References