SB2019110808 - Input validation error in mantisbt.sourceforge.net MantisBT
Published: November 8, 2019 Updated: July 17, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Input validation error (CVE-ID: CVE-2013-1811)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated user to manipulate data.
An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
Remediation
Install update from vendor's website.