Ubuntu
mantis package

  1. Bug #1011823
  2. Comment #15

Comment 15 for bug 1011823

Revision history for this message
In , Jan (jan-redhat-bugs) wrote :

From the CVE request [2]:

Roland Becker and Damien Regad (MantisBT developers) found that any user able to report issues via the SOAP interface could also modify any bugnotes (comments) created by other users. In a default/typical MantisBT installation, SOAP API is enabled and any user can sign up to report new issues. This vulnerability therefore impacts upon many public facing MantisBT installations.

References:
[1] http://www.mantisbt.org/bugs/view.php?id=14340
[2] http://www.openwall.com/lists/oss-security/2012/06/09/1
[3] https://bugs.gentoo.org/show_bug.cgi?id=420375

Upstream patches (against the v1.2.x branch) seems to be the
following two:
[4] https://github.com/mantisbt/mantisbt/commit/edc8142bb8ac0ac0df1a3824d78c15f4015d959e
[5] https://github.com/mantisbt/mantisbt/commit/175d973105fe9f03a37ced537b742611631067e0