Rails vulnerability - do I need to worry? - Redmine

Rails vulnerability - do I need to worry?

http://www.h-online.com/open/news/item/Critical-vulnerability-derails-Ruby-on-Rails-1588773.html

Our company is using redmine internally. That means for a potential attacker only the login page is reachable. Is it possible to exploit this vulnerability from there?

Replies (1)

RE: Rails vulnerability - do I need to worry? - Added by Jean-Philippe Lang about 12 years ago

Which version of Redmine are you using? Redmine 1.4.x and previous versions use a Rails version that is not affected by this one.

If you're using Redmine 2.x, this Rails vulnerability should not affect the login form anyway. But Redmine 2.0.2 will be upgraded to a fixed Rails version (3.2.5).

(1-1/1)

Project

General

Profile

Redmine

Rails vulnerability - do I need to worry?

Replies (1)

RE: Rails vulnerability - do I need to worry? - Added by Jean-Philippe Lang about 12 years ago