Tomr

**Name of the Vulnerable Software and Affected Versions** MantisBT versions 1.2.12 through 1.2.14 **Description** The issue allows authenticated users to bypass the workflow restriction and close issues. **Recommendations** For MantisBT versions 1.2.12 through 1.2.14, update to version 1.2.15 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.12 **Description** The issue allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting. This occurs because MantisBT does not use an expected default value during decisions about whether a user may modify the status of a bug. **Recommendations** For versions prior to 1.2.12, update to version 1.2.12 or later to resolve the issue.