View Issue Details

ID: 0022373
Project: mantisbt
Category: security
View Status: public
Last Update: 2017-02-14 14:57
Reporter: j_schultz
Assigned To:
Status: new
Resolution: open
Product Version: 2.1.0
Summary: 0022373: Reporter can edit other reporter's issues?

My Mantis instance was configured with the intention that reporters can edit their own issues (description, etc.).
One of the REPORTER users of my issue tracker notified me that they can edit other users' issues too, and that they cannot remember seeing an edit button before I upgraded our Mantis instance from 1.3.x to 2.1.x, so there is a possible regression / security issue.
I reviewed our workflow thresholds and while there is a threshold for "Edit others' notes", there is no equivalent for issues. Is it intentional that a REPORTER can either edit all issues or none? If so, shouldn't there be a setting that a reporter can only edit their own issues?

Tags: No tags attached.


There are no notes attached to this issue.

Issue History

Date Modified | Username | Field | Change
2017-02-14 14:43 | j_schultz | New Issue |