CVE-2012-2054

Q: What is the severity of CVE-2012-2054?

CVE-2012-2054 has a moderate severity level as it allows remote attackers to manipulate model attributes in Redmine.

Q: How do I fix CVE-2012-2054?

To fix CVE-2012-2054, upgrade Redmine to version 1.3.2 or later.

Q: Which versions of Redmine are affected by CVE-2012-2054?

CVE-2012-2054 affects Redmine versions prior to 1.3.2, including 0.1.0 through 1.3.1.

Q: What types of attributes can be manipulated due to CVE-2012-2054?

CVE-2012-2054 allows manipulation of attributes including Comment, Document, IssueCategory, Message, and more.

Q: Is there any validation issue related to CVE-2012-2054?

Yes, CVE-2012-2054 is caused by insufficient validation of attributes being set via a hash.

First published: Thu Apr 05 2012(Updated: )

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Redmine Redmine	<=1.3.1
Redmine Redmine	=0.1.0
Redmine Redmine	=0.2.1
Redmine Redmine	=0.2.2
Redmine Redmine	=0.3.0
Redmine Redmine	=0.4.0
Redmine Redmine	=0.4.1
Redmine Redmine	=0.4.2
Redmine Redmine	=0.5.0
Redmine Redmine	=0.5.1
Redmine Redmine	=0.6.0
Redmine Redmine	=0.6.1
Redmine Redmine	=0.6.2
Redmine Redmine	=0.6.3
Redmine Redmine	=0.6.4
Redmine Redmine	=0.7.0
Redmine Redmine	=0.7.0-rc1
Redmine Redmine	=0.7.1
Redmine Redmine	=0.7.2
Redmine Redmine	=0.7.3
Redmine Redmine	=0.7.4
Redmine Redmine	=0.8.0
Redmine Redmine	=0.8.0-rc1
Redmine Redmine	=0.8.1
Redmine Redmine	=0.8.2
Redmine Redmine	=0.8.3
Redmine Redmine	=0.8.4
Redmine Redmine	=0.8.5
Redmine Redmine	=0.8.6
Redmine Redmine	=0.8.7
Redmine Redmine	=0.9.0
Redmine Redmine	=0.9.1
Redmine Redmine	=0.9.2
Redmine Redmine	=0.9.3
Redmine Redmine	=0.9.4
Redmine Redmine	=0.9.5
Redmine Redmine	=0.9.6
Redmine Redmine	=1.0.0
Redmine Redmine	=1.0.1
Redmine Redmine	=1.0.2
Redmine Redmine	=1.0.3
Redmine Redmine	=1.0.4
Redmine Redmine	=1.0.5
Redmine Redmine	=1.1.0
Redmine Redmine	=1.1.1
Redmine Redmine	=1.1.2
Redmine Redmine	=1.1.3
Redmine Redmine	=1.2.0
Redmine Redmine	=1.2.1
Redmine Redmine	=1.2.2
Redmine Redmine	=1.2.3
Redmine Redmine	=1.3.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-2054?
CVE-2012-2054 has a moderate severity level as it allows remote attackers to manipulate model attributes in Redmine.
How do I fix CVE-2012-2054?
To fix CVE-2012-2054, upgrade Redmine to version 1.3.2 or later.
Which versions of Redmine are affected by CVE-2012-2054?
CVE-2012-2054 affects Redmine versions prior to 1.3.2, including 0.1.0 through 1.3.1.
What types of attributes can be manipulated due to CVE-2012-2054?
CVE-2012-2054 allows manipulation of attributes including Comment, Document, IssueCategory, Message, and more.
Is there any validation issue related to CVE-2012-2054?
Yes, CVE-2012-2054 is caused by insufficient validation of attributes being set via a hash.

collector/nvd-index
agent/type
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/references
agent/weakness
agent/tags
agent/description
agent/author
agent/event
agent/source
vendor/redmine
canonical/redmine redmine
version/redmine redmine/1.3.1
version/redmine redmine/0.1.0
version/redmine redmine/0.2.1
version/redmine redmine/0.2.2
version/redmine redmine/0.3.0
version/redmine redmine/0.4.0
version/redmine redmine/0.4.1
version/redmine redmine/0.4.2
version/redmine redmine/0.5.0
version/redmine redmine/0.5.1
version/redmine redmine/0.6.0
version/redmine redmine/0.6.1
version/redmine redmine/0.6.2
version/redmine redmine/0.6.3
version/redmine redmine/0.6.4
version/redmine redmine/0.7.0
version/redmine redmine/0.7.0-rc1
version/redmine redmine/0.7.1
version/redmine redmine/0.7.2
version/redmine redmine/0.7.3
version/redmine redmine/0.7.4
version/redmine redmine/0.8.0
version/redmine redmine/0.8.0-rc1
version/redmine redmine/0.8.1
version/redmine redmine/0.8.2
version/redmine redmine/0.8.3
version/redmine redmine/0.8.4
version/redmine redmine/0.8.5
version/redmine redmine/0.8.6
version/redmine redmine/0.8.7
version/redmine redmine/0.9.0
version/redmine redmine/0.9.1
version/redmine redmine/0.9.2
version/redmine redmine/0.9.3
version/redmine redmine/0.9.4
version/redmine redmine/0.9.5
version/redmine redmine/0.9.6
version/redmine redmine/1.0.0
version/redmine redmine/1.0.1
version/redmine redmine/1.0.2
version/redmine redmine/1.0.3
version/redmine redmine/1.0.4
version/redmine redmine/1.0.5
version/redmine redmine/1.1.0
version/redmine redmine/1.1.1
version/redmine redmine/1.1.2
version/redmine redmine/1.1.3
version/redmine redmine/1.2.0
version/redmine redmine/1.2.1
version/redmine redmine/1.2.2
version/redmine redmine/1.2.3
version/redmine redmine/1.3.0

CVE-2012-2054

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-2054?

How do I fix CVE-2012-2054?

Which versions of Redmine are affected by CVE-2012-2054?

What types of attributes can be manipulated due to CVE-2012-2054?

Is there any validation issue related to CVE-2012-2054?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2012-2054?

How do I fix CVE-2012-2054?

Which versions of Redmine are affected by CVE-2012-2054?

What types of attributes can be manipulated due to CVE-2012-2054?

Is there any validation issue related to CVE-2012-2054?