View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0013748 | mantisbt | security | public | 2012-01-09 08:11 | 2014-09-23 18:05 |
Reporter | dregad | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.8 | ||||
Target Version | 1.2.9 | Fixed in Version | 1.2.9 | ||
Summary | 0013748: Can't move bugs from projects with access < report_bug_threshold | ||||
Description | When trying to move an issue from project A to project B, if the current user's access level is below report_bug_threshold in project A, they are not allowed to move the bug even though they should (i.e. they have move_bug_threshold in A and report_bug_threshold in B) | ||||
Steps To Reproduce |
Error message | ||||
Tags | No tags attached. | ||||
The access check in bug_actiongroup.php is not correct. It should verify the user's report_bug_threshold in the target project, not the current project. |
|
A CVE identifier has been assigned to this issue: CVE-2012-1122 MantisBT 1.2.8 13748 incorrect access checks performed |
|
Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch |
|
MantisBT: master 0da3f7ac 2012-01-09 00:10 Details Diff |
Fix Move bugs from projects with access < report_bug_threshold The access check in bug_actiongroup.php was not correct. It should verify the user's report_bug_threshold in the target project, not the current project. Fixes 0013748 |
Affected Issues 0013748 |
|
mod - bug_actiongroup.php | Diff File | ||
MantisBT: master-1.2.x 64af3ef8 2012-01-09 00:10 Details Diff |
Fix Move bugs from projects with access < report_bug_threshold The access check in bug_actiongroup.php was not correct. It should verify the user's report_bug_threshold in the target project, not the current project. Fixes 0013748 |
Affected Issues 0013748 |
|
mod - bug_actiongroup.php | Diff File |