View Issue Details

IDProjectCategoryView StatusLast Update
0006983Kali LinuxKali Websites & Docspublic2024-05-14 16:27
Reporterkali-bugreport Assigned Tog0tmi1k  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionno change required 
Summary0006983: Permission problems in Kali bugtracker
Description

Haven't found any better fitting category so had chosen "Kali Websites & Docs".

I have noticed that you seems to have some permission problems in this bug tracker for the standard "Reporter" account.

For example reporters can "Clone" an issue like happen in e.g. 0006912 (clone of 0006903) or 0006960 / 0006962 (clone 0006907) plus many additional ones, i don't think that such "Reporters" should have the possibility to Clone existing issues.

In addition e.g. "Reporters" can report an issue in the "Queued Tool Addition" category like seen in 0006981:0014079, this probably should be prevented by setting stricter permissions to that category.

On the other hand there are too strict permissions and reporters can't even edit their own comments / issues and also can't close them on their own.

Activities

kali-bugreport

kali-bugreport

2021-01-10 14:04

reporter   ~0014093

TLDR;

Suggestions for the permissions of the "Reporter" level:

  • Disallow "Clone" functionality
  • Disallow creating issues in the "Queued Tool Addition" category
  • Allow editing the own issues / comments
  • Allow closing the own issues
kali-bugreport

kali-bugreport

2021-03-13 11:13

reporter   ~0014342

Aaaaaand, it happened again: #7096, #7095, #7094 which are all three wrongly done clones of 0007044

You should really really rework your permissions, at least for the "Reporter" level.

kali-bugreport

kali-bugreport

2021-03-13 11:33

reporter   ~0014343

#7097 is also a clone of 0007068 done by the same user...

kali-bugreport

kali-bugreport

2021-03-20 05:50

reporter   ~0014375

And another one: #0007103

kali-bugreport

kali-bugreport

2021-03-21 12:59

reporter   ~0014377

Why are you also allow reporters to change the severity to e.g. intermediate? If anyone can set their own priorities anyone thinks the own bugreport is the most important one.

rhertzog

rhertzog

2021-03-22 11:17

administrator   ~0014382

Last edited: 2021-03-22 11:17

I would gladly configure mantis to avoid those problems, in fact I already tried... but there's no option to control who can clone. If you can report a bug, then you can clone.

You might want to open a feature request to the upstream project. I'm not sure if there's a setting to limit who can change the priority either.

g0tmi1k

g0tmi1k

2024-05-14 16:27

administrator   ~0019271

Ive tried to reduce what options we have enabled, but yeah, this is something that needs to go upstream https://mantisbt.org/support.php

Issue History

Date Modified Username Field Change
2021-01-10 11:27 kali-bugreport New Issue
2021-01-10 14:04 kali-bugreport Note Added: 0014093
2021-03-13 11:13 kali-bugreport Note Added: 0014342
2021-03-13 11:33 kali-bugreport Note Added: 0014343
2021-03-20 05:50 kali-bugreport Note Added: 0014375
2021-03-21 12:59 kali-bugreport Note Added: 0014377
2021-03-22 11:17 rhertzog Note Added: 0014382
2021-03-22 11:17 rhertzog Note Edited: 0014382
2024-05-14 16:27 g0tmi1k Note Added: 0019271
2024-05-14 16:27 g0tmi1k Assigned To => g0tmi1k
2024-05-14 16:27 g0tmi1k Status new => closed
2024-05-14 16:27 g0tmi1k Resolution open => no change required