Defect #10390: Mass assignment security vulnerability - Redmine

Actions

Copy link

Defect #10390

closed

Mass assignment security vulnerability

Added by John Yani over 12 years ago. Updated over 12 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Code cleanup/refactoring

Target version:

1.3.2

Start date:

Due date:

% Done:

Estimated time:

Resolution:

Fixed

Affected version:

Description

There are many security vulnerabilities in Redmine. Some are not dangerous (such as setting created_on and updated_on fields). Some are (posting news to the project you're not allowed to).

Actions

Copy link

Updated by John Yani over 12 years ago

Discussions:

http://www.redmine.org/boards/1/topics/29360
http://www.redmine.org/boards/2/topics/29343

Actions

Copy link

Updated by Jean-Philippe Lang over 12 years ago

All actions for non-admin users should now be fixed.

Actions

Copy link

Updated by Jean-Philippe Lang over 12 years ago

Category set to Code cleanup/refactoring
Status changed from New to Closed
Target version set to 1.3.2
Resolution set to Fixed

Please next time submit security issues to security at redmine dot org as requested on SubmittingBugs.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Defect #10390

Mass assignment security vulnerability

Updated by John Yani over 12 years ago

Updated by Jean-Philippe Lang over 12 years ago

Updated by Jean-Philippe Lang over 12 years ago