MantisBT: master 508cab00
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dhx | dhx | master | 2012-06-01 20:40 | master bbc8e9be |
Affected Issues | 0014340: CVE-2012-2691 Reporters can update notes of other users by using SOAP API |
Changeset | Fix 0014340: Reporters can use SOAP to update bugnotes without permission The access checks inside bugnote_update.php and This posed a problem because the default installed state of MantisBT is Access checks within bugnote_update.php and api/soap/mc_issue_api.php Thanks to Roland Becker and Damien Regard (both MantisBT developers) for |
mod - api/soap/mc_issue_api.php |