View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0020873 | mantisbt | security | public | 2016-05-04 16:45 | 2016-05-20 02:06 |
Reporter | Kyle_Katarn | Assigned To | atrol | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | no change required | ||
Product Version | 1.2.19 | ||||
Summary | 0020873: User hijacking my BT | ||||
Description | A simple reported logged onto my BT and has been able to create issue, using "generate from issue ..." duplicating from 1 project to another. Issue been marked as "resolved" on the other projects, with fuzzy version allocation. Looks like a security flaw ? | ||||
Tags | No tags attached. | ||||
Issue History this user first logged onto the board at 2016-05-02 23:21 then got massive entry duplications at 2016-05-02 23:28 User deleted and now trying to fix all this mess 1 by 1 |
|
Kyle_Katarn,
The provided information is not sufficient to provide any help in resolving the issue. A complete and detailed description is required for the support team to get a clear understanding of the problem. Please explain what you do, what are the results you expect to get and what you actually get. Also provide detailed, step-by-step instructions to reproduce the issue; the additional information listed below may also be useful:
|
|
Looks like a malicious case since 45 issues where created simultaneously. All picked from the 45 latest issues, duplicated onto a single project (correction of my issue description) Unable to reproduce, i just cleaned the mess |
|
Seems the user was using the "Copy" operation of the "View Issues" page to copy multiple issues in one go. There will be some options to prevent such operations in 1.3, see 0019261 |
|
ok thanks ! |
|
When will 1.3 get released ? |
|
There is no hard release date for 1.3. https://www.mantisbt.org/blog/ |
|
But this year ? later ? |
|
I hope it will be this year. This project is driven by volunteers working in their free time for it. |
|