MantisBT: master 15a5d6a3

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master 2012-06-03 11:29 master 473542ec
Affected Issues  0014340: CVE-2012-2691 Reporters can update notes of other users by using SOAP API
Changeset

mc_issue_note_update passing wrong param to access check function

Commit edc8142bb8ac0ac0df1a3824d78c15f4015d959e introduced proper logic
to avoid unauthorized update of bugnotes, but was passing incorrect
parameters to access_has_bugnote_level() so unprivileged users could
still update them.

Fixes 0014340
mod - api/soap/mc_issue_api.php Diff File