Actions
Security Advisories » History » Revision 23
« Previous |
Revision 23/79
(diff)
| Next »
Jan from Planio www.plan.io, 2015-12-07 09:55
Adding potential changeset message disclosure and its CVE
Redmine Security Advisories¶
This page lists the security vulnerabilities that were fixed in Redmine releases, starting from 1.3.0. If you think that you've found a security vulnerability, please report it by sending an email to: security(at)redmine.org.
| Severity | Details | External references | Affected versions | Fixed versions |
|---|---|---|---|---|
| Moderate | Data disclosure in atom feed | All prior releases | 2.6.9, 3.0.7 and 3.1.3 | |
| Moderate | Potential changeset message disclosure in issues API | CVE-2015-8473 | All prior releases | 2.6.8, 3.0.6 and 3.1.2 |
| Moderate | Data disclosure on the time logging form | All prior releases | 2.6.8, 3.0.6 and 3.1.2 | |
| Moderate | Open Redirect vulnerability | CVE-2015-8474 | 2.5.1 to 2.6.6, 3.0.0 to 3.0.4 and 3.1.0 | 2.6.7, 3.0.5 and 3.1.1 |
| Low | Potential XSS vulnerability when rendering some flash messages | CVE-2015-8477 | All prior releases | 2.6.2 and 3.0.0 |
| Moderate | Potential data leak (project names) in the invalid form authenticity token error screen | All prior releases | 2.4.6 and 2.5.2 | |
| Moderate | Open Redirect vulnerability | JVN#93004610, CVE-2014-1985 | All prior releases | 2.4.5 and 2.5.1 |
| Critical | Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.4 | 2.2.4, 2.3.0 | |
| Critical | Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.3 | 2.2.3 | |
| Critical | Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.1 and 2.1.6 | Fix for 1.4.7 | |
| Critical | Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.1 and 2.1.6 | 1.4.7 | |
| Critical | Ruby on Rails vulnerability (announcement) | All prior releases | 2.2.1, 2.1.6, 1.4.6 | |
| Moderate | XSS vulnerability | 2.1.0 and 2.1.1 | 2.1.2 | |
| High | Persistent XSS vulnerability | JVN#93406632, CVE-2012-0327 | All prior releases | 1.3.2 |
| Moderate | Mass-assignemnt vulnerability that would allow an attacker to bypass part of the security checks | All prior releases | 1.3.2 | |
| High | Vulnerability that would allow an attacker to bypass the CSRF protection | All prior releases | 1.3.0 |
Updated by Jan from Planio www.plan.io almost 9 years ago · 23 revisions locked