Security Advisory

CVE-2012-2692

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2012-06-17 01:00:00
Last updated: 2024-08-06 19:42:32
Assigner: redhat
State: PUBLISHED

Description

MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.