4 matches found
CVE-2026-42070 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API
Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, the mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing t...
CVE-2026-42070 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API
Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, the mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing t...
GHSA-PQ86-J2C2-47F6 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API
The mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing the default DEVELOPER level 55 threshold required by the dedicated...
MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API
The mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing the default DEVELOPER level 55 threshold required by the dedicated...