Mantis Print Reports Limit Reporters Option Bypass Vulnerability
Solution: The vendor has included a source code fix. In print_all_bug_page.php, after the block of assignments from $t_setting_arr, insert the following lines:

    # Limit reporters to only see their reported bugs
    if (( ON == $g_limit_reporters ) && ( !access_level_check_greater_or_equal( UPDATER ) )) {
        $f_user_id = get_current_user_field( "id" );
    }

The vendor has addressed this issue in Mantis 0.17.4 and later:
Mantis Mantis 0.16.0
Mantis Mantis 0.16.1
Mantis Mantis 0.17.0
Mantis Mantis 0.17.1
Mantis Mantis 0.17.2
Mantis Mantis 0.17.3
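
Added example, not Mantis or vendor code: a self-contained PHP sketch of the check the fix introduces, run over constructed bug data to show the report output with the option on and off. It assumes $f_user_id is later used as the reporter filter for the report; the function names, numeric access levels and sample data are hypothetical.

```php
<?php
// Added illustration; not Mantis source. Only ON, UPDATER, $g_limit_reporters
// and $f_user_id come from the advisory; everything else is hypothetical.
const ON = 1;
const OFF = 0;
const REPORTER = 25;   // constructed level values for the example
const UPDATER = 40;

// Constructed sample data: bug id => id of the user who reported it.
$bugs = [101 => 7, 102 => 7, 103 => 9];

// Returns the reporter id the print report must filter on.
// $requested_user_id is the value loaded from the saved settings
// (null means "any reporter").
function effective_reporter_filter(int $limit_reporters, int $access_level,
                                   int $current_user_id, ?int $requested_user_id): ?int
{
    // Same condition as the fix: below UPDATER the filter is forced to the
    // current user, whatever the settings asked for.
    if (ON === $limit_reporters && $access_level < UPDATER) {
        return $current_user_id;
    }
    return $requested_user_id;
}

// Returns the bug ids that would appear in the printed report.
function bugs_for_report(array $bugs, ?int $reporter_id): array
{
    if ($reporter_id === null) {
        return array_keys($bugs);
    }
    return array_keys(array_filter($bugs, fn($r) => $r === $reporter_id));
}

// Cases: [label, limit_reporters, access level, current user, requested filter]
$cases = [
    ['reporter, option ON ', ON,  REPORTER, 9, null],
    ['updater,  option ON ', ON,  UPDATER,  7, null],
    ['reporter, option OFF', OFF, REPORTER, 9, null],
];
foreach ($cases as [$label, $limit, $level, $uid, $requested]) {
    $filter = effective_reporter_filter($limit, $level, $uid, $requested);
    echo $label, ': ', implode(', ', bugs_for_report($bugs, $filter)), "\n";
}
```

Only the first case is narrowed to the user's own bug (103). A regression check for this issue should assert that result on every page that lists bugs, not only the main view.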