Roland Becker and Damien Regad (MantisBT developers) found that any user able to report issues via the SOAP interface could also modify any bugnotes (comments) created by other users. In a default/typical MantisBT installation, SOAP API is enabled and any user can sign up to report new issues. This vulnerability therefore impacts upon many public facing MantisBT installations.
From the CVE request [2]:
Roland Becker and Damien Regad (MantisBT developers) found that any user able to report issues via the SOAP interface could also modify any bugnotes (comments) created by other users. In a default/typical MantisBT installation, SOAP API is enabled and any user can sign up to report new issues. This vulnerability therefore impacts upon many public facing MantisBT installations.
References: www.mantisbt. org/bugs/ view.php? id=14340 www.openwall. com/lists/ oss-security/ 2012/06/ 09/1 /bugs.gentoo. org/show_ bug.cgi? id=420375
[1] http://
[2] http://
[3] https:/
Upstream patches (against the v1.2.x branch) seems to be the /github. com/mantisbt/ mantisbt/ commit/ edc8142bb8ac0ac 0df1a3824d78c15 f4015d959e /github. com/mantisbt/ mantisbt/ commit/ 175d973105fe9f0 3a37ced537b7426 11631067e0
following two:
[4] https:/
[5] https:/