🛡️ Is Redmine affected by CVE-2022-32209?

adriens - Jun 23 '22 - Dev Community

❔ About

Last week I got the following question:

"Do we have running RoR applications ? I saw a Post... are we affected by CVE-2022-32209 ?"

👉 The post is about how fast we could answer the questions.

First answer:

"Yes, we are running a Redmine instance and are up-to-date with the redmine:latest Docker Image"

The rest of the answer is coming below.

🛡️ Security scan

Whether we are affected can be answered with a single line of shell, thanks to grype:

grype redmine:latest \
    | grep CVE-2022-32209 \
    | wc -l
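
The same check against grype's JSON output (`grype redmine:latest -o json`), as an added example that is not part of the original post: it also matches the CVE when the finding is listed under another advisory id (such as a GHSA) with the CVE only in `relatedVulnerabilities`, and it refuses input that is not a scan report, so a failed scan is not read as a count of 0. The sample report, package names, versions and the script name `find_cve.py` are constructed placeholders.

```python
import json
import sys

# Constructed sample in the shape of `grype <image> -o json` output.
# Package names, versions and the GHSA id are placeholders, not real findings.
SAMPLE_REPORT = {"matches": [
    {
        "vulnerability": {"id": "GHSA-xxxx-xxxx-xxxx", "severity": "Medium",
                          "fix": {"state": "fixed", "versions": ["0.0.2"]}},
        "relatedVulnerabilities": [{"id": "CVE-2022-32209"}],
        "artifact": {"name": "example-gem", "version": "0.0.1", "type": "gem"},
    },
    {
        "vulnerability": {"id": "CVE-0000-00000", "severity": "Low",
                          "fix": {"state": "not-fixed", "versions": []}},
        "relatedVulnerabilities": [],
        "artifact": {"name": "example-lib", "version": "1.0", "type": "deb"},
    },
]}


def find_cve(report, cve_id):
    """Return one record per package matched for cve_id, aliases included."""
    if "matches" not in report:
        # No "matches" key means a failed or truncated scan, not a clean one.
        raise ValueError("not a grype JSON report")
    hits = []
    for match in report["matches"]:
        vuln = match.get("vulnerability", {})
        # The primary id plus every related (aliased) id for this finding.
        ids = {vuln.get("id")}
        ids.update(r.get("id") for r in match.get("relatedVulnerabilities", []))
        if cve_id in ids:
            artifact = match.get("artifact", {})
            fix = vuln.get("fix", {})
            hits.append({
                "package": artifact.get("name"), "installed": artifact.get("version"),
                "reported_as": vuln.get("id"), "severity": vuln.get("severity"),
                "fix_state": fix.get("state"), "fixed_in": fix.get("versions", []),
            })
    return hits


if __name__ == "__main__":
    # Usage: grype redmine:latest -o json | python3 find_cve.py CVE-2022-32209
    report = SAMPLE_REPORT if sys.stdin.isatty() else json.load(sys.stdin)
    hits = find_cve(report, sys.argv[1] if len(sys.argv) > 1 else "CVE-2022-32209")
    print(json.dumps(hits, indent=2))
    sys.exit(1 if hits else 0)  # non-zero exit when affected, usable as a CI gate
```

Each returned record names the package, the installed version and the fixed versions, which is what the follow-up question ("what do we upgrade?") needs.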


📰 About Redmine

Redmine is a great tool which is...

"free and open source, web-based project management and issue tracking tool. It allows users to manage multiple projects"

