Project

General

Profile

Forums » Open discussion »

SSL/TLS MITM vulnerability (CVE-2014-0224)

Added by Anoop Aravind over 10 years ago

Hello friends,

In a recent security scan in our organisation, we came to know that the redmine is vulnerable to SSL/TLS MITM vulnerability (CVE-2014-0224).

Not sure if this is already reported (I did search the issue list as well as the forums).

Can you please tell me if the latest versions of redmine addresses this issue ?

We use 2.3.3 stable of redmine.

Some links on this vulnerability : http://www.openssl.org/news/secadv_20140605.txt

http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html


Replies (2)

RE: SSL/TLS MITM vulnerability (CVE-2014-0224) - Added by @ go2null over 10 years ago

This is not a Redmine issue.

You need to update OpenSSL. See your Operating System instructions.

RE: SSL/TLS MITM vulnerability (CVE-2014-0224) - Added by Jan Niggemann (redmine.org team member) over 10 years ago

Anoop Aravind wrote:

In a recent security scan in our organisation, we came to know that the redmine is vulnerable to SSL/TLS MITM vulnerability (CVE-2014-0224).

This is no vulnerability in redmine, this CVE concerns OpenSSL.

    (1-2/2)