I noticed today that a user named 'VishalThakur' was able to edit
someone else's note on our tracker.
I'm not sure what the setting for $g_update_bugnote_threshold is on
mantisbt.org, but since by default the access level is Developer and I
don't think this guy has that role (or even anything above Reporter for
that matter), that probably means that there is a possibility (SOAP?)
for reporters to bypass security.
Just thought I'd bring this to your attention.