PT-2012-3092 · Mantisbt · Mantisbt

David Hicks · Published 2012-06-29 · Updated 2021-01-12 · CVE-2012-1120

CVSS v2.0: 3.6 (Low)

Vector: AV:N/AC:H/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MantisBT versions prior to 1.2.9

Description

The SOAP API in MantisBT fails to properly enforce certain permissions, specifically bugnote_allow_user_edit_delete and delete_bug_threshold. This allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes.

Recommendations

For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue.

Fix


Weakness Enumeration

Related identifiers

CVE-2012-1120
DSA-2500-1

Affected products

Mantisbt