OVAL

DSA-2500-1 mantis -- several

ID: oval:org.secpod.oval:def:600836
Date: (C)2012-06-29   (M)2022-10-10
Class: PATCH
Family: unix




Several vulnerabilities were discovered in Mantis, an issue tracking system.

CVE-2012-1118: Mantis installations in which the private_bug_view_threshold configuration option has been set to an array value do not properly enforce bug viewing restrictions.

CVE-2012-1119: Copy/clone bug report actions fail to leave an audit trail.

CVE-2012-1120: The delete_bug_threshold/bugnote_allow_user_edit_delete access check can be bypassed by users who have write access to the SOAP API.

CVE-2012-1122: Mantis performed access checks incorrectly when moving bugs between projects.

CVE-2012-1123: A SOAP client sending a null password field can authenticate as the Mantis administrator.

CVE-2012-2692: Mantis does not check the delete_attachments_threshold permission when a user attempts to delete an attachment from an issue.

Platform:
Debian 6.0
Product:
mantis
Reference:
DSA-2500-1
CVE-2012-1118
CVE-2012-1119
CVE-2012-1120
CVE-2012-1122
CVE-2012-1123
CVE-2012-2692
CPE    2
cpe:/a:mantis:mantis
cpe:/o:debian:debian_linux:6.0

© SecPod Technologies