Description
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.
Remediation
References
Related Vulnerabilities
WordPress Plugin SP Project & Document Manager Cross-Site Scripting (4.25)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0825)
Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-33375)
Vanilla Forums Improper Input Validation Vulnerability (CVE-2011-0908)