Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00274Percentile:
0.50563
CVSS Scoring
CVSS v2 Score: 5.0
Severity:
Affected Products
cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.3.0:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me