Defect #12808

closed

Very Critical RoR Exploit [CVE-2013-0156] - Please Update/Test RedMine2.x for RoR 3.2.11

Added by Terence Mill almost 12 years ago. Updated almost 12 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
-
Category:
Rails support
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:

Description

This leak is very dangerous, because you can take over the whole server by HTTP POST injection on the API.
See Google Online Discussion
Only RoR versions 3.2.11, 3.1.10, 3.0.19 and 2.3.15 are safe at the moment!
There already is an exploit kit that everyone can easily use.

Can you please provide workarounds? Is it enough to close the REST API?

Actions #1

Updated by Etienne Massip almost 12 years ago

  • Status changed from New to Closed
  • Resolution set to Invalid

Use one of yesterday's releases.

See Redmine 2.2.1, 2.1.6 and 1.4.6 security releases.
