View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017878 | mantisbt | security | public | 2014-11-14 19:54 | 2014-12-07 09:16 |
Reporter | grangeway | Assigned To | dregad | ||
Priority | high | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.17 | ||||
Target Version | 1.2.18 | Fixed in Version | 1.2.18 | ||
Summary | 0017878: Prevent unauthorized users setting handler when reporting issue | ||||
Description | There is no security check in bug_report.php to prevent unauthorized users from setting the handler_id parameter, allowing them to assign issues regardless of their access level. | ||||
Tags | No tags attached. | ||||
MantisBT: master-1.2.x b2f91c02 2014-10-30 14:40 Paul Richards Committer: dregad Details Diff |
Prevent unauthorized users setting handler when reporting issue Adding a security check to block the update when access level is insufficient. Fixes 0017878 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017878 |
|
mod - bug_report.php | Diff File | ||
MantisBT: master 6efa02f6 2014-10-30 14:40 Paul Richards Committer: dregad Details Diff |
Prevent unauthorized users setting handler when reporting issue Adding a security check to block the update when access level is insufficient. Fixes 0017878 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
Affected Issues 0017878 |
|
mod - bug_report.php | Diff File |