Project

General

Profile

Actions

Defect #12808

closed

Very Critical RoR Exploit [CVE-2013-0156] - Please Update/Test RedMine2.x for RoR 3.2.11

Added by Terence Mill almost 12 years ago. Updated almost 12 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
-
Category:
Rails support
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:

Description

This leak is very dangerours, because you can take over the whole server by http post injection on the api.
See Google Online Discussion
Only RoR-Versions 3.2.11, 3.1.10, 3.0.19 und 2.3.15 are safe at the moment!
There already is a Exploit Kit to easily use for everyone.

Ca u please provide work arounds. Is it enough to close the rest api?

Actions

Also available in: Atom PDF