CVE-2013-1811
MEDIUMMantisBT < 1.2.13 - Unauthenticated Issue Status Change via Reporter Permissions
Title source: llmDescription
An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2013-1811
Third Party Advisory x_refsource_misc
http://www.debian.org/security/2015/dsa-3120
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/03/03/6
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2013/03/04/9
Vendor Advisory x_refsource_confirm
https://mantisbt.org/bugs/view.php?id=15258
Scores
CVSS v3
4.3
EPSS
0.0103
EPSS Percentile
59.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (3)
debian/debian_linux
6.0
debian/debian_linux
7.0
mantisbt/mantisbt
< 1.2.13
Published
Nov 07, 2019
Tracked Since
Feb 18, 2026