Public CVE-2013-1809 disclosure

An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".