View Issue Details

IDProjectCategoryView StatusLast Update
0006983Kali Linux[All Projects] Kali Websites & Docspublic2021-03-22 11:17
Reporterkali-bugreport Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0006983: Permission problems in Kali bugtracker
DescriptionHaven't found any better fitting category so had chosen "Kali Websites & Docs".

I have noticed that you seems to have some permission problems in this bug tracker for the standard "Reporter" account.

For example reporters can "Clone" an issue like happen in e.g. 0006912 (clone of 0006903) or 0006960 / 0006962 (clone 0006907) plus many additional ones, i don't think that such "Reporters" should have the possibility to Clone existing issues.

In addition e.g. "Reporters" can report an issue in the "Queued Tool Addition" category like seen in 0006981:0014079, this probably should be prevented by setting stricter permissions to that category.

On the other hand there are too strict permissions and reporters can't even edit their own comments / issues and also can't close them on their own.



2021-01-10 14:04

reporter   ~0014093


Suggestions for the permissions of the "Reporter" level:

- Disallow "Clone" functionality
- Disallow creating issues in the "Queued Tool Addition" category
- Allow editing the own issues / comments
- Allow closing the own issues


2021-03-13 11:13

reporter   ~0014342

Aaaaaand, it happened again: #7096, #7095, #7094 which are all three wrongly done clones of 0007044

You should really really rework your permissions, at least for the "Reporter" level.


2021-03-13 11:33

reporter   ~0014343

#7097 is also a clone of 0007068 done by the same user...


2021-03-20 05:50

reporter   ~0014375

And another one: #0007103


2021-03-21 12:59

reporter   ~0014377

Why are you also allow reporters to change the severity to e.g. intermediate? If anyone can set their own priorities anyone thinks the own bugreport is the most important one.


2021-03-22 11:17

administrator   ~0014382

Last edited: 2021-03-22 11:17

View 2 revisions

I would gladly configure mantis to avoid those problems, in fact I already tried... but there's no option to control who can clone. If you can report a bug, then you can clone.

You might want to open a feature request to the upstream project. I'm not sure if there's a setting to limit who can change the priority either.

Issue History

Date Modified Username Field Change
2021-01-10 11:27 kali-bugreport New Issue
2021-01-10 14:04 kali-bugreport Note Added: 0014093
2021-03-13 11:13 kali-bugreport Note Added: 0014342
2021-03-13 11:33 kali-bugreport Note Added: 0014343
2021-03-20 05:50 kali-bugreport Note Added: 0014375
2021-03-21 12:59 kali-bugreport Note Added: 0014377
2021-03-22 11:17 rhertzog Note Added: 0014382
2021-03-22 11:17 rhertzog Note Edited: 0014382 View Revisions