CVE-2020-29604
An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker with rights to create new issues to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue i.e., one having Private view status, or...
CVE-2012-1122
bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access...
CVE-2012-1122
CVE-2012-1122 affects MantisBT prior to 1.2.9. The bug_actiongroup.php check does not properly enforce report_bug_threshold in the receiving project, allowing remote authenticated users with report_bug_threshold and move_bug_threshold for a project to bypass access controls and move a bug report ...