CVE-2012-1118

Name of the Vulnerable Software and Affected Versions MantisBT versions prior to 1.2.9

Description The issue concerns the access has bug level function in core/access api.php, which fails to properly restrict access when the private bug view threshold is set to an array. This allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports.

Recommendations For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to private bug reports until the update is applied.