0013736: mc_issue_get_id_from_summary incorrectly checks for permissions - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0013736	mantisbt	security	public	2012-01-07 16:21	2014-09-23 18:05

Reporter	rombert	Assigned To	rombert
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Target Version	1.2.9	Fixed in Version	1.2.9

Summary	0013736: mc_issue_get_id_from_summary incorrectly checks for permissions
Description	mc_issue_get_id_from_summary. It does not take into account whether the issue is private and as a result will always reveal whether or not a private issue with a specified summary exists -- even if the user does not have permission to know about private issues.
Tags	No tags attached.

MantisBT: master-1.2.x 35aed248 2012-03-03 09:38 rombert Details Diff	Correct access checks in mc_issue_get_id_from_summary Fixes 0013736: mc_issue_get_id_from_summary incorrectly checks for permissions	Affected Issues 0013736
	mod - api/soap/mc_issue_api.php	Diff File
MantisBT: master 4dd69a55 2012-03-03 09:41 rombert Details Diff	Correct access checks in mc_issue_get_id_from_summary Fixes 0013736: mc_issue_get_id_from_summary incorrectly checks for permissions	Affected Issues 0013736
	mod - api/soap/mc_issue_api.php	Diff File

related to	0013656	closed	rombert	Reporters have read/write access to existing data of other users
related to	0015721	closed	grangeway	Functionality to consider porting to master-2.0.x

grangeway 2013-04-05 17:57 reporter ~0036378	Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch