Project

General

Profile

Actions
Copy link

Defect #12808

closed

Very Critical RoR Exploit [CVE-2013-0156] - Please Update/Test RedMine2.x for RoR 3.2.11

Added by Terence Mill over 11 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
-
Category:
Rails support
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:
2.2.0

Description

This leak is very dangerours, because you can take over the whole server by http post injection on the api.
See Google Online Discussion
Only RoR-Versions 3.2.11, 3.1.10, 3.0.19 und 2.3.15 are safe at the moment!
There already is a Exploit Kit to easily use for everyone.

Ca u please provide work arounds. Is it enough to close the rest api?

Actions
Copy link
 #1

Updated by Etienne Massip over 11 years ago

  • Status changed from New to Closed
  • Resolution set to Invalid

Use one of the yesterday releases.

See Redmine 2.2.1, 2.1.6 and 1.4.6 security releases.

Actions
Copy link

Also available in: Atom PDF