Search CVE reports


Toggle filters

11 – 20 of 50 results


CVE-2021-31865

Medium priority
Needs evaluation

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-31864

Medium priority
Needs evaluation

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-31863

Medium priority
Needs evaluation

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-30164

Medium priority
Needs evaluation

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-30163

Medium priority
Needs evaluation

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-36308

Medium priority
Needs evaluation

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-36307

Medium priority
Needs evaluation

Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-36306

Medium priority
Needs evaluation

Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2019-25026

Medium priority
Needs evaluation

Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2021-29274

Medium priority
Not affected

Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not affected Not affected Not affected
Show less packages