CVE-2012-2691

Name of the Vulnerable Software and Affected Versions MantisBT versions prior to 1.2.11

Description The issue concerns a problem with privilege checking in the mc issue note update function within the SOAP API. This allows remote attackers who have bug reporting privileges to edit arbitrary bugnotes by sending a SOAP request.

Recommendations For versions prior to 1.2.11, update to version 1.2.11 or later to resolve the issue.