CVE-2012-5522

2012-11-16T00:55:00
ID CVE-2012-5522
Type cve
Reporter cve@mitre.org
Modified 2021-01-12T18:05:00

Description

MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting.