Re: CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/09/2012 02:19 AM, David Hicks wrote:
> CVE REQUEST #1
>
> Title: Reporters can edit arbitrary bugnotes via SOAP API Affected:
> MantisBT 1.2.10 and earlier versions Not affected: MantisBT 1.2.11
>
> Description: Roland Becker and Damien Regad (MantisBT developers)
> found that any user able to report issues via the SOAP interface
> could also modify any bugnotes (comments) created by other users.
> In a default/typical MantisBT installation, SOAP API is enabled and
> any user can sign up to report new issues. This vulnerability
> therefore impacts upon many public facing MantisBT installations.
>
> References: [1] http://www.mantisbt.org/bugs/view.php?id=14340

Please use CVE-2012-2691 for this issue.

> CVE REQUEST #2
>
> Title: delete_attachments_threshold not checked on attachment
> deletion Affected: MantisBT 1.2.10 and earlier versions Not
> affected: MantisBT 1.2.11
>
> Description: Roland Becker (MantisBT developer) found that the 
> delete_attachments_threshold permission was not being checked when
> a user attempted to delete an attachment from an issue. The more
> generic update_bug_threshold permission was being checked instead.
> MantisBT administrators may have been under the false impression
> that their configuration of the delete_attachments_threshold was
> successfully preventing unwanted users from deleting attachments.
>
> References: [1] http://www.mantisbt.org/bugs/view.php?id=14016

Please use CVE-2012-2692 for this issue.

> With thanks, David Hicks MantisBT Developer #mantisbt
> irc.freenode.net http://www.mantisbt.org/bugs/


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP1h/7AAoJEBYNRVNeJnmT8w8QAKahNEkjgTSY7YvMkD0H3VKn
NqfaAUapbeVqbeALakhUtZzRy6ZaVP8PxRFJi8rSHTtRuUbOYUa0O+yiGBL2euHr
NUcxLMWHx3l1aDzEMztGAzIt1qns/znUnI1q/bWkxB2T9EdIFmQ91FPJ2YQOU3Fk
Mqa5yDRFQTHmqOvMeY/gExPoRIeuHfsrgLAc7Jeq6D5k+TzKBYkclCwDleFMyh2k
zF6BdKlOFffWp+PjWLp7xOtRm3Lbea3CZXAx+2pW74REGFB5LEzaqKhSoUk1AVL3
5xrUbcp+Dt0IZX2adC8Kckx3qIxys4VxeAOsy2pkqtD+Hn3RI1qdLWtPyANPywn1
DKh7toKmZo/LjByZHxhnSEbarPyaorTh8dh9FuqxcZFrs1Oxmb7VMOU4xGQZnrGf
1X5FOBRXHFnCXgvhfpvTDfyUoyWLvp8NsxIxRZhAq0IHdirqIO6huh2+eWPiqv3c
eDiVu648oiyhnxzJcEJRczXUZKxRxe0yxza8s+pdHtaHZ3jXD9pM/DIssD3mtwFk
VCAoRKAdxi5HCKVSZXyMPs7SlPZld8eXzpi7uqgncGiiSA8dt+F3TZCgS0llG/j2
87/r1CpXb43/sjok9GxQzU3B11/frzQPg+9ddgyXHn2WakXnVxqxosNZhVE9fJ+f
Q+FtswtJ5cOR7CWjS8CM
=xLig
-----END PGP SIGNATURE-----