VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Apr 5, 2012· Updated Apr 29, 2026

CVE-2012-2054

CVE-2012-2054

Description

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.

Affected products

52
  • Redmine/Redmine52 versions
    cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*+ 51 more
    • cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*range: <=1.3.1
    • cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:1.3.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.