exploitDog

CVE-2012-2054

Published: 05 Apr 2012
Source: nvd
CVSS2: 5
EPSS: Low

Description

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*
Versions up to and including 1.3.1
cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:1.3.0:*:*:*:*:*:*:*

EPSS

Percentile: 50%
0.00274
Low

5 Medium

CVSS2

Weaknesses

CWE-255

Related vulnerabilities

ubuntu
almost 14 years ago

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.

debian
almost 14 years ago

Redmine before 1.3.2 does not properly restrict the use of a hash to p ...

github
more than 3 years ago

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.
