SB2019110808 - Input validation error in mantisbt.sourceforge.net MantisBT

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2013-1811)

The vulnerability allows a remote authenticated user to manipulate data.

An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".

Remediation

Install update from vendor's website.

References

• http://www.debian.org/security/2015/dsa-3120
• http://www.openwall.com/lists/oss-security/2013/03/03/6
• http://www.openwall.com/lists/oss-security/2013/03/04/9
• https://mantisbt.org/bugs/view.php?id=15258
• https://security-tracker.debian.org/tracker/CVE-2013-1811