An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".Referenceshttps://security-tracker.debian.org/tracker/CVE-2013-1811http://www.debian.org/security/2015/dsa-3120http://www.openwall.com/lists/oss-security/2013/03/03/6http://www.openwall.com/lists/oss-security/2013/03/04/9https://mantisbt.org/bugs/view.php?id=15258
