0007031: Priority can still be changed via "backdoor" means

ID	Project	Category		Date Submitted	Last Update

0007031	Website/Wiki/Bug Tracker	Bug - Bug Tracker		Apr 10, 2012 11:45 pm	Jun 26, 2024 8:06 am

Reporter	TechSY730	Assigned To	Dominus Arbitrationis
Status	closed	Resolution	no change required

Summary	0007031: Priority can still be changed via "backdoor" means
Description	As seen in issue 0000824 (although many others were hit), there has been a successful "permissions bypass" to edit the priority field even though it was supposedly disabled. Marked as major as there is a risk that this type of attack could possibly be used to edit other, more important fields (like status or internal developer priority)
Tags	No tags attached.

Date Modified	Username	Field	Change
Apr 10, 2012 11:45 pm	TechSY730	New Issue
Apr 10, 2012 11:52 pm	TechSY730	Note Added: 0021927
Apr 11, 2012 8:55 am	tigersfan	Internal Weight	=> New
Apr 11, 2012 8:55 am	tigersfan	Status	new => closed
Apr 11, 2012 8:55 am	tigersfan	Resolution	open => no change required
Feb 5, 2015 9:28 pm	Dominus Arbitrationis	Assigned To	=> Dominus Arbitrationis
Feb 5, 2015 9:28 pm	Dominus Arbitrationis	Status	closed => assigned
Apr 29, 2015 8:37 pm	Dominus Arbitrationis	Status	assigned => acknowledged
Jul 4, 2015 5:59 pm	Dominus Arbitrationis	Status	acknowledged => closed
Jun 26, 2024 8:06 am	Dominus Arbitrationis	Category	Bug - Other => Bug - Bug Tracker

TechSY730 Apr 10, 2012 11:52 pm reporter ~0021927	If I had to guess how he pulled it off, I would say either constructing a URL or forging POST requests that could not of come from the actual web-page