Candidate: CVE-2012-1118
PublicDate: 2012-06-29 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1118
Description:
 The access_has_bug_level function in core/access_api.php in MantisBT
 before 1.2.9 does not properly restrict access when the
 private_bug_view_threshold is set to an array, which allows remote
 attackers to bypass intended restrictions and perform certain operations
 on private bug reports.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662858
 http://www.mantisbt.org/bugs/view.php?id=10124
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_mantis:
 vendor: http://www.debian.org/security/2012/dsa-2500
upstream_mantis: released (1.2.9)
hardy_mantis: ignored (reached end-of-life)
lucid_mantis: ignored (reached end-of-life)
maverick_mantis: ignored (reached end-of-life)
natty_mantis: released (1.1.8+dfsg-10squeeze2build0.11.04.1)
oneiric_mantis: ignored (reached end-of-life)
precise_mantis: not-affected (1.2.10-1)
quantal_mantis: not-affected (1.2.10-1)
raring_mantis: not-affected (1.2.10-1)
saucy_mantis: not-affected (1.2.10-1)
devel_mantis: DNE