David Hicks

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.9 **Description** The issue concerns the SOAP API in MantisBT, where it fails to properly enforce certain permissions, specifically `bugnote allow user edit delete` and `delete bug threshold`. This allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes. **Recommendations** For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.9 **Description** The issue concerns the access has bug level function in core/access api.php, which fails to properly restrict access when the private bug view threshold is set to an array. This allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports. **Recommendations** For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to private bug reports until the update is applied.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.9 **Description** The issue makes it easier for remote attackers to copy bug reports without detection because it does not audit when users copy or clone a bug report. **Recommendations** For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.9 **Description** The issue allows remote attackers to bypass authentication. This is due to the mci check login function in the SOAP API, which permits authentication bypass via a null password. **Recommendations** For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the SOAP API until the update is applied.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.9 **Description** The issue allows remote authenticated users with manager privileges to modify or delete global categories due to improper permission checks. **Recommendations** For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.9 **Description** The issue concerns a permission checking flaw in bug actiongroup.php. This flaw allows remote authenticated users with certain privileges to bypass access restrictions and move bug reports to different projects. **Recommendations** For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.8 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `action` parameter in bug actiongroup ext page.php, related to bug actiongroup page.php. **Recommendations** For versions prior to 1.2.8, update to version 1.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the bug actiongroup ext page.php page to minimize the risk of exploitation. Avoid using the `action` parameter in the affected page until the issue is resolved.