Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a models attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a mass assignment vulnerability, a different vulnerability than CVE-2012-0327.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Redmine | Redmine | * | 1.3.1 (including) |
| Redmine | Redmine | 0.1.0 (including) | 0.1.0 (including) |
| Redmine | Redmine | 0.2.1 (including) | 0.2.1 (including) |
| Redmine | Redmine | 0.2.2 (including) | 0.2.2 (including) |
| Redmine | Redmine | 0.3.0 (including) | 0.3.0 (including) |
| Redmine | Redmine | 0.4.0 (including) | 0.4.0 (including) |
| Redmine | Redmine | 0.4.1 (including) | 0.4.1 (including) |
| Redmine | Redmine | 0.4.2 (including) | 0.4.2 (including) |
| Redmine | Redmine | 0.5.0 (including) | 0.5.0 (including) |
| Redmine | Redmine | 0.5.1 (including) | 0.5.1 (including) |
| Redmine | Redmine | 0.6.0 (including) | 0.6.0 (including) |
| Redmine | Redmine | 0.6.1 (including) | 0.6.1 (including) |
| Redmine | Redmine | 0.6.2 (including) | 0.6.2 (including) |
| Redmine | Redmine | 0.6.3 (including) | 0.6.3 (including) |
| Redmine | Redmine | 0.6.4 (including) | 0.6.4 (including) |
| Redmine | Redmine | 0.7.0 (including) | 0.7.0 (including) |
| Redmine | Redmine | 0.7.0-rc1 (including) | 0.7.0-rc1 (including) |
| Redmine | Redmine | 0.7.1 (including) | 0.7.1 (including) |
| Redmine | Redmine | 0.7.2 (including) | 0.7.2 (including) |
| Redmine | Redmine | 0.7.3 (including) | 0.7.3 (including) |
| Redmine | Redmine | 0.7.4 (including) | 0.7.4 (including) |
| Redmine | Redmine | 0.8.0 (including) | 0.8.0 (including) |
| Redmine | Redmine | 0.8.0-rc1 (including) | 0.8.0-rc1 (including) |
| Redmine | Redmine | 0.8.1 (including) | 0.8.1 (including) |
| Redmine | Redmine | 0.8.2 (including) | 0.8.2 (including) |
| Redmine | Redmine | 0.8.3 (including) | 0.8.3 (including) |
| Redmine | Redmine | 0.8.4 (including) | 0.8.4 (including) |
| Redmine | Redmine | 0.8.5 (including) | 0.8.5 (including) |
| Redmine | Redmine | 0.8.6 (including) | 0.8.6 (including) |
| Redmine | Redmine | 0.8.7 (including) | 0.8.7 (including) |
| Redmine | Redmine | 0.9.0 (including) | 0.9.0 (including) |
| Redmine | Redmine | 0.9.1 (including) | 0.9.1 (including) |
| Redmine | Redmine | 0.9.2 (including) | 0.9.2 (including) |
| Redmine | Redmine | 0.9.3 (including) | 0.9.3 (including) |
| Redmine | Redmine | 0.9.4 (including) | 0.9.4 (including) |
| Redmine | Redmine | 0.9.5 (including) | 0.9.5 (including) |
| Redmine | Redmine | 0.9.6 (including) | 0.9.6 (including) |
| Redmine | Redmine | 1.0.0 (including) | 1.0.0 (including) |
| Redmine | Redmine | 1.0.1 (including) | 1.0.1 (including) |
| Redmine | Redmine | 1.0.2 (including) | 1.0.2 (including) |
| Redmine | Redmine | 1.0.3 (including) | 1.0.3 (including) |
| Redmine | Redmine | 1.0.4 (including) | 1.0.4 (including) |
| Redmine | Redmine | 1.0.5 (including) | 1.0.5 (including) |
| Redmine | Redmine | 1.1.0 (including) | 1.1.0 (including) |
| Redmine | Redmine | 1.1.1 (including) | 1.1.1 (including) |
| Redmine | Redmine | 1.1.2 (including) | 1.1.2 (including) |
| Redmine | Redmine | 1.1.3 (including) | 1.1.3 (including) |
| Redmine | Redmine | 1.2.0 (including) | 1.2.0 (including) |
| Redmine | Redmine | 1.2.1 (including) | 1.2.1 (including) |
| Redmine | Redmine | 1.2.2 (including) | 1.2.2 (including) |
| Redmine | Redmine | 1.2.3 (including) | 1.2.3 (including) |
| Redmine | Redmine | 1.3.0 (including) | 1.3.0 (including) |