MantisBT: master-2.28 2d3a5537
| Author | Committer | Branch | Timestamp | Parent |
|---|---|---|---|---|
| dregad | dregad | master-2.28 | 2026-05-29 19:18 | master-2.28 c6ccd554 |
| Affected Issues | 0037181: CVE-2026-49280: REST and SOAP APIs allows UPDATER users to change issue status despite $g_update_bug_status_threshold | |||
| Changeset | Check update_bug_status_threshold in mc_issue_update() This missing check was allowing a user having update_bug_threshold to Fixes 0037181, GHSA-m7ph-9558-mrx3, CVE-2026-49280 |
|||
| mod - api/soap/mc_issue_api.php | Diff File | |||