Search CVE reports
11 – 20 of 50 results
CVE-2021-31865
Medium priorityRedmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-31864
Medium priorityRedmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-31863
Medium priorityInsufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-30164
Medium priorityRedmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-30163
Medium priorityRedmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-36308
Medium priorityRedmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-36307
Medium priorityRedmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-36306
Medium priorityRedmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-25026
Medium priorityRedmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Not affected | Needs evaluation | Needs evaluation |
CVE-2021-29274
Medium priorityRedmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | — | — | Not affected | Not affected | Not affected |