← Back

CVE-2012-2054

nvd nist

Published: Apr 5, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.

Affected (52)

Products: Redmine: Redmine

Redmine

1 product

Redmine

Configuration A

52 vulnerable

Vulnerable Software	Affected Versions
Redmine Redmine	Up to 1.3.1
Redmine Redmine	Version 0.1.0
Redmine Redmine	Version 0.2.1
Redmine Redmine	Version 0.2.2
Redmine Redmine	Version 0.3.0
Redmine Redmine	Version 0.4.0
Redmine Redmine	Version 0.4.1
Redmine Redmine	Version 0.4.2
Redmine Redmine	Version 0.5.0
Redmine Redmine	Version 0.5.1
Redmine Redmine	Version 0.6.0
Redmine Redmine	Version 0.6.1
Redmine Redmine	Version 0.6.2
Redmine Redmine	Version 0.6.3
Redmine Redmine	Version 0.6.4
Redmine Redmine	Version 0.7.0
Redmine Redmine	Version 0.7.0 rc1
Redmine Redmine	Version 0.7.1
Redmine Redmine	Version 0.7.2
Redmine Redmine	Version 0.7.3
Redmine Redmine	Version 0.7.4
Redmine Redmine	Version 0.8.0
Redmine Redmine	Version 0.8.0 rc1
Redmine Redmine	Version 0.8.1
Redmine Redmine	Version 0.8.2
Redmine Redmine	Version 0.8.3
Redmine Redmine	Version 0.8.4
Redmine Redmine	Version 0.8.5
Redmine Redmine	Version 0.8.6
Redmine Redmine	Version 0.8.7
Redmine Redmine	Version 0.9.0
Redmine Redmine	Version 0.9.1
Redmine Redmine	Version 0.9.2
Redmine Redmine	Version 0.9.3
Redmine Redmine	Version 0.9.4
Redmine Redmine	Version 0.9.5
Redmine Redmine	Version 0.9.6
Redmine Redmine	Version 1.0.0
Redmine Redmine	Version 1.0.1
Redmine Redmine	Version 1.0.2
Redmine Redmine	Version 1.0.3
Redmine Redmine	Version 1.0.4
Redmine Redmine	Version 1.0.5
Redmine Redmine	Version 1.1.0
Redmine Redmine	Version 1.1.1
Redmine Redmine	Version 1.1.2
Redmine Redmine	Version 1.1.3
Redmine Redmine	Version 1.2.0
Redmine Redmine	Version 1.2.1
Redmine Redmine	Version 1.2.2
Redmine Redmine	Version 1.2.3
Redmine Redmine	Version 1.3.0

Related CWEs

CWE-255

References (6)

http://www.redmine.org/boards/2/topics/29343

Source: cve@mitre.org

http://www.redmine.org/issues/10390

Source: cve@mitre.org

http://www.redmine.org/versions/42

Source: cve@mitre.org

http://www.redmine.org/boards/2/topics/29343

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redmine.org/issues/10390

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redmine.org/versions/42

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.