View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0017878 | mantisbt | security | public | 2014-11-14 19:54 | 2014-12-07 09:16 |
| Reporter | grangeway | Assigned To | dregad | ||
| Priority | high | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.2.17 | ||||
| Target Version | 1.2.18 | Fixed in Version | 1.2.18 | ||
| Summary | 0017878: Prevent unauthorized users setting handler when reporting issue | ||||
| Description | There is no security check in bug_report.php to prevent unauthorized users from setting the handler_id parameter, allowing them to assign issues regardless of their access level. | ||||
| Tags | No tags attached. | ||||
|
MantisBT: master-1.2.x b2f91c02 2014-10-30 14:40 Paul Richards Committer: dregad Details Diff |
Prevent unauthorized users setting handler when reporting issue Adding a security check to block the update when access level is insufficient. Fixes 0017878 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017878 |
|
| mod - bug_report.php | Diff File | ||
|
MantisBT: master 6efa02f6 2014-10-30 14:40 Paul Richards Committer: dregad Details Diff |
Prevent unauthorized users setting handler when reporting issue Adding a security check to block the update when access level is insufficient. Fixes 0017878 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017878 |
|
| mod - bug_report.php | Diff File | ||
