Mantisbt · Mantisbt · CVE-2012-2691
**Name of the Vulnerable Software and Affected Versions**
MantisBT versions prior to 1.2.11
**Description**
The issue concerns a problem with privilege checking in the `mc issue note update` function within the SOAP API. This allows remote attackers who have bug reporting privileges to edit arbitrary bugnotes by sending a SOAP request.
**Recommendations**
For versions prior to 1.2.11, update to version 1.2.11 or later to resolve the issue.