Project

General

Profile

Actions

Defect #10390

closed

Mass assignment security vulnerability

Added by John Yani almost 13 years ago. Updated almost 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Code cleanup/refactoring
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

There are many security vulnerabilities in Redmine. Some are not dangerous (such as setting created_on and updated_on fields). Some are (posting news to the project you're not allowed to).

Actions #2

Updated by Jean-Philippe Lang almost 13 years ago

All actions for non-admin users should now be fixed.

Actions #3

Updated by Jean-Philippe Lang almost 13 years ago

  • Category set to Code cleanup/refactoring
  • Status changed from New to Closed
  • Target version set to 1.3.2
  • Resolution set to Fixed

Please next time submit security issues to security at redmine dot org as requested on SubmittingBugs.

Actions

Also available in: Atom PDF