Vulnerabilities related to Redmine - Redmine
cve-2011-4929
Vulnerability from cvelistv5
Published
2012-10-08 18:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.
References
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/01/06/5 | mailing-list, x_refsource_MLIST |
| http://www.debian.org/security/2011/dsa-2261 | vendor-advisory, x_refsource_DEBIAN |
| http://www.openwall.com/lists/oss-security/2012/01/06/7 | mailing-list, x_refsource_MLIST |
| http://www.redmine.org/news/49 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:39.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/news/49" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-08T18:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/news/49" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4929", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "name": "http://www.redmine.org/news/49", "refsource": "CONFIRM", "url": "http://www.redmine.org/news/49" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4929", "datePublished": "2012-10-08T18:00:00Z", "dateReserved": "2011-12-23T00:00:00Z", "dateUpdated": "2024-09-16T21:57:09.959Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47260
Vulnerability from cvelistv5
Published
2023-11-05 00:00
Modified
2024-09-05 14:19
Severity ?
EPSS score ?
Summary
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:09:35.974Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47260", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T14:19:09.426086Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-05T14:19:21.481Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-05T03:14:15.304668", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-47260", "datePublished": "2023-11-05T00:00:00", "dateReserved": "2023-11-05T00:00:00", "dateUpdated": "2024-09-05T14:19:21.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4079
Vulnerability from cvelistv5
Published
2009-11-25 21:22
Modified
2024-08-07 06:54
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/3291 | vdb-entry, x_refsource_VUPEN |
| http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html | third-party-advisory, x_refsource_JVNDB |
| http://www.securityfocus.com/bid/37066 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54334 | vdb-entry, x_refsource_XF |
| http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15 | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN87341298/index.html | third-party-advisory, x_refsource_JVN |
| http://rubyforge.org/frs/shownotes.php?release_id=41440 | x_refsource_MISC |
| http://secunia.com/advisories/37420 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:08.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-3291", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "name": "JVNDB-2009-000074", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html" }, { "name": "37066", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37066" }, { "name": "redmine-unspecified-csrf(54334)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54334" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15" }, { "name": "JVN#87341298", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rubyforge.org/frs/shownotes.php?release_id=41440" }, { "name": "37420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37420" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2009-3291", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "name": "JVNDB-2009-000074", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html" }, { "name": "37066", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37066" }, { "name": "redmine-unspecified-csrf(54334)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54334" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15" }, { "name": "JVN#87341298", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://rubyforge.org/frs/shownotes.php?release_id=41440" }, { "name": "37420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37420" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4079", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-3291", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "name": "JVNDB-2009-000074", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html" }, { "name": "37066", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37066" }, { "name": "redmine-unspecified-csrf(54334)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54334" }, { "name": "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15", "refsource": "MISC", "url": "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15" }, { "name": "JVN#87341298", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "name": "http://rubyforge.org/frs/shownotes.php?release_id=41440", "refsource": "MISC", "url": "http://rubyforge.org/frs/shownotes.php?release_id=41440" }, { "name": "37420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37420" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4079", "datePublished": "2009-11-25T21:22:00", "dateReserved": "2009-11-25T00:00:00", "dateUpdated": "2024-08-07T06:54:08.461Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31863
Vulnerability from cvelistv5
Published
2021-04-28 06:17
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://www.redmine.org/news/131 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:30.812Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31863", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/news/131", "refsource": "MISC", "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31863", "datePublished": "2021-04-28T06:17:10", "dateReserved": "2021-04-28T00:00:00", "dateUpdated": "2024-08-03T23:10:30.812Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16804
Vulnerability from cvelistv5
Published
2017-11-13 20:00
Modified
2024-08-05 20:35
Severity ?
EPSS score ?
Summary
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
| https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN |
| https://www.redmine.org/issues/25713 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:21.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/25713" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-11-13T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/25713" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16804", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/issues/25713", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/25713" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16804", "datePublished": "2017-11-13T20:00:00", "dateReserved": "2017-11-13T00:00:00", "dateUpdated": "2024-08-05T20:35:21.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47259
Vulnerability from cvelistv5
Published
2023-11-05 00:00
Modified
2024-09-05 14:20
Severity ?
EPSS score ?
Summary
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:09:35.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47259", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T14:20:17.501573Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-05T14:20:32.583Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-05T03:14:29.044810", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-47259", "datePublished": "2023-11-05T00:00:00", "dateReserved": "2023-11-05T00:00:00", "dateUpdated": "2024-09-05T14:20:32.583Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42326
Vulnerability from cvelistv5
Published
2021-10-12 18:08
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://www.redmine.org/news/133 | x_refsource_MISC |
| https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10 | x_refsource_MISC |
| https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021/10/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/news/133" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10" }, { "name": "[debian-lts-announce] 20211018 [SECURITY] [DLA 2787-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-18T19:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/news/133" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10" }, { "name": "[debian-lts-announce] 20211018 [SECURITY] [DLA 2787-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-42326", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/news/133", "refsource": "MISC", "url": "https://www.redmine.org/news/133" }, { "name": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10" }, { "name": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10" }, { "name": "[debian-lts-announce] 20211018 [SECURITY] [DLA 2787-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-42326", "datePublished": "2021-10-12T18:08:53", "dateReserved": "2021-10-12T00:00:00", "dateUpdated": "2024-08-04T03:30:38.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0327
Vulnerability from cvelistv5
Published
2012-04-04 10:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/52447 | vdb-entry, x_refsource_BID |
| http://jvndb.jvn.jp/jvndb/JVNDB-2012-000025 | third-party-advisory, x_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN93406632/index.html | third-party-advisory, x_refsource_JVN |
| http://www.redmine.org/versions/42 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:23:30.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "52447", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52447" }, { "name": "JVNDB-2012-000025", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000025" }, { "name": "JVN#93406632", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN93406632/index.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.redmine.org/versions/42" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-30T09:00:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "52447", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52447" }, { "name": "JVNDB-2012-000025", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000025" }, { "name": "JVN#93406632", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN93406632/index.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.redmine.org/versions/42" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2012-0327", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "52447", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52447" }, { "name": "JVNDB-2012-000025", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000025" }, { "name": "JVN#93406632", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN93406632/index.html" }, { "name": "http://www.redmine.org/versions/42", "refsource": "MISC", "url": "http://www.redmine.org/versions/42" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2012-0327", "datePublished": "2012-04-04T10:00:00", "dateReserved": "2012-01-04T00:00:00", "dateUpdated": "2024-08-06T18:23:30.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4481
Vulnerability from cvelistv5
Published
2008-10-08 01:00
Modified
2024-08-07 10:17
Summary
Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://www.redmine.org/wiki/redmine/Changelog | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43884 | vdb-entry, x_refsource_XF |
| http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000038.html | third-party-advisory, x_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN00945448/index.html | third-party-advisory, x_refsource_JVN |
| http://www.securityfocus.com/bid/30241 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:17:09.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/wiki/redmine/Changelog" }, { "name": "redmine-unspecified-xss(43884)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43884" }, { "name": "JVNDB-2008-000038", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000038.html" }, { "name": "JVN#00945448", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN00945448/index.html" }, { "name": "30241", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30241" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/wiki/redmine/Changelog" }, { "name": "redmine-unspecified-xss(43884)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43884" }, { "name": "JVNDB-2008-000038", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000038.html" }, { "name": "JVN#00945448", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN00945448/index.html" }, { "name": "30241", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30241" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4481", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.redmine.org/wiki/redmine/Changelog", "refsource": "CONFIRM", "url": "http://www.redmine.org/wiki/redmine/Changelog" }, { "name": "redmine-unspecified-xss(43884)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43884" }, { "name": "JVNDB-2008-000038", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000038.html" }, { "name": "JVN#00945448", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN00945448/index.html" }, { "name": "30241", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30241" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4481", "datePublished": "2008-10-08T01:00:00", "dateReserved": "2008-10-07T00:00:00", "dateUpdated": "2024-08-07T10:17:09.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31864
Vulnerability from cvelistv5
Published
2021-04-28 06:16
Modified
2024-08-03 23:10
Summary
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://www.redmine.org/news/131 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:30.281Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31864", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/news/131", "refsource": "MISC", "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31864", "datePublished": "2021-04-28T06:16:57", "dateReserved": "2021-04-28T00:00:00", "dateUpdated": "2024-08-03T23:10:30.281Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8474
Vulnerability from cvelistv5
Published
2016-04-12 14:00
Modified
2024-08-06 08:20
Summary
Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985.
References
| URL | Tags |
|---|---|
| http://www.redmine.org/news/101 | x_refsource_CONFIRM |
| https://www.redmine.org/issues/19577 | x_refsource_CONFIRM |
| http://www.debian.org/security/2016/dsa-3529 | vendor-advisory, x_refsource_DEBIAN |
| https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/78625 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:41.873Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/news/101" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/19577" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472" }, { "name": "78625", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/78625" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by \"@attacker.com,\" a different vulnerability than CVE-2014-1985." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-12T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/news/101" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/19577" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472" }, { "name": "78625", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/78625" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8474", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by \"@attacker.com,\" a different vulnerability than CVE-2014-1985." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.redmine.org/news/101", "refsource": "CONFIRM", "url": "http://www.redmine.org/news/101" }, { "name": "https://www.redmine.org/issues/19577", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/19577" }, { "name": "DSA-3529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3529" }, { "name": "https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472" }, { "name": "78625", "refsource": "BID", "url": "http://www.securityfocus.com/bid/78625" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8474", "datePublished": "2016-04-12T14:00:00", "dateReserved": "2015-12-04T00:00:00", "dateUpdated": "2024-08-06T08:20:41.873Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4078
Vulnerability from cvelistv5
Published
2009-11-25 21:22
Modified
2024-08-07 06:54
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/3291 | vdb-entry, x_refsource_VUPEN |
| http://rubyforge.org/frs/shownotes.php?release_id=41108 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37066 | vdb-entry, x_refsource_BID |
| http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN87341298/index.html | third-party-advisory, x_refsource_JVN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54333 | vdb-entry, x_refsource_XF |
| http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000073.html | third-party-advisory, x_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN01245481/index.html | third-party-advisory, x_refsource_JVN |
| http://secunia.com/advisories/37420 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:10.225Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-3291", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rubyforge.org/frs/shownotes.php?release_id=41108" }, { "name": "37066", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37066" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04" }, { "name": "JVN#87341298", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "name": "redmine-unspecified-input-xss(54333)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54333" }, { "name": "JVNDB-2009-000073", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000073.html" }, { "name": "JVN#01245481", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN01245481/index.html" }, { "name": "37420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37420" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2009-3291", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rubyforge.org/frs/shownotes.php?release_id=41108" }, { "name": "37066", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37066" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04" }, { "name": "JVN#87341298", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "name": "redmine-unspecified-input-xss(54333)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54333" }, { "name": "JVNDB-2009-000073", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000073.html" }, { "name": "JVN#01245481", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN01245481/index.html" }, { "name": "37420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37420" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4078", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to 
inject arbitrary web script or HTML via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-3291", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "name": "http://rubyforge.org/frs/shownotes.php?release_id=41108", "refsource": "CONFIRM", "url": "http://rubyforge.org/frs/shownotes.php?release_id=41108" }, { "name": "37066", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37066" }, { "name": "http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04", "refsource": "CONFIRM", "url": "http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04" }, { "name": "JVN#87341298", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "name": "redmine-unspecified-input-xss(54333)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54333" }, { "name": "JVNDB-2009-000073", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000073.html" }, { "name": "JVN#01245481", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN01245481/index.html" }, { "name": "37420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37420" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4078", "datePublished": "2009-11-25T21:22:00", "dateReserved": "2009-11-25T00:00:00", "dateUpdated": "2024-08-07T06:54:10.225Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44031
Vulnerability from cvelistv5
Published
2022-12-12 00:00
Modified
2024-08-03 13:47
Summary
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:47:05.534Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-44031", "datePublished": "2022-12-12T00:00:00", "dateReserved": "2022-10-30T00:00:00", "dateUpdated": "2024-08-03T13:47:05.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-36308
Vulnerability from cvelistv5
Published
2021-04-06 07:59
Modified
2024-08-04 17:23
Summary
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:23:10.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36308", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 
allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36308", "datePublished": "2021-04-06T07:59:18", "dateReserved": "2021-04-06T00:00:00", "dateUpdated": "2024-08-04T17:23:10.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15575
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Summary
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
| https://www.redmine.org/issues/24307 | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.024Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/24307" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project\u0027s settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/24307" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15575", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project\u0027s settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/issues/24307", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/24307" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15575", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.024Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15571
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Summary
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN |
| https://www.redmine.org/issues/27186 | x_refsource_CONFIRM |
| https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.043Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/27186" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/27186" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15571", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/issues/27186", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/27186" }, { "name": "https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15571", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.043Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-18890
Vulnerability from cvelistv5
Published
2019-11-21 17:46
Modified
2024-08-05 02:02
Summary
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2019-18890 | x_refsource_MISC |
| https://www.debian.org/security/2019/dsa-4574 | vendor-advisory, x_refsource_DEBIAN |
| https://seclists.org/bugtraq/2019/Nov/31 | mailing-list, x_refsource_BUGTRAQ |
| https://www.debian.org/security/2019/dsa-4574 | x_refsource_MISC |
| https://usn.ubuntu.com/4200-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://github.com/RealLinkers/CVE-2019-18890 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2019-18890" }, { "name": "DSA-4574", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "20191119 [SECURITY] [DSA 4574-1] redmine security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "USN-4200-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4200-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/RealLinkers/CVE-2019-18890" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-07T14:50:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2019-18890" }, { "name": "DSA-4574", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "20191119 [SECURITY] [DSA 4574-1] redmine security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "USN-4200-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4200-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/RealLinkers/CVE-2019-18890" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18890", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2019-18890", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2019-18890" }, { "name": "DSA-4574", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "20191119 [SECURITY] [DSA 4574-1] redmine security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "name": "https://www.debian.org/security/2019/dsa-4574", "refsource": "MISC", "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "USN-4200-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4200-1/" }, { "name": "https://github.com/RealLinkers/CVE-2019-18890", "refsource": "MISC", "url": "https://github.com/RealLinkers/CVE-2019-18890" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18890", "datePublished": "2019-11-21T17:46:41", "dateReserved": "2019-11-12T00:00:00", "dateUpdated": "2024-08-05T02:02:39.820Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47258
Vulnerability from cvelistv5
Published
2023-11-05 00:00
Modified
2024-09-05 14:21
Summary
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:09:36.034Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47258", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T14:21:13.550364Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-05T14:21:27.100Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-05T03:14:35.371465", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-47258", "datePublished": "2023-11-05T00:00:00", "dateReserved": "2023-11-05T00:00:00", "dateUpdated": "2024-09-05T14:21:27.100Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-25026
Vulnerability from cvelistv5
Published
2021-04-06 07:59
Modified
2024-08-05 03:00
Summary
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:18.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25026", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25026", "datePublished": "2021-04-06T07:59:04", "dateReserved": "2021-04-06T00:00:00", "dateUpdated": "2024-08-05T03:00:18.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15576
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Summary
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
| https://www.redmine.org/issues/23803 | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.032Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/23803" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/23803" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15576", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/issues/23803", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/23803" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15576", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.032Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4459
Vulnerability from cvelistv5
Published
2009-12-30 19:00
Modified
2024-08-07 07:01
Summary
Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/37425 | vdb-entry, x_refsource_BID |
| http://www.exploit-db.com/exploits/10554 | exploit, x_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54947 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:20.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "37425", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37425" }, { "name": "10554", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/10554" }, { "name": "redmine-title-xss(54947)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54947" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-12-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "37425", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37425" }, { "name": "10554", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/10554" }, { "name": "redmine-title-xss(54947)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54947" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4459", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37425", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37425" }, { "name": "10554", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/10554" }, { "name": "redmine-title-xss(54947)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54947" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4459", "datePublished": "2009-12-30T19:00:00", "dateReserved": "2009-12-30T00:00:00", "dateUpdated": "2024-08-07T07:01:20.431Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17427
Vulnerability from cvelistv5
Published
2019-10-10 00:42
Modified
2024-08-05 01:40
Summary
In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://www.debian.org/security/2019/dsa-4574 | vendor-advisory, x_refsource_DEBIAN |
| https://seclists.org/bugtraq/2019/Nov/31 | mailing-list, x_refsource_BUGTRAQ |
| https://usn.ubuntu.com/4200-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://github.com/RealLinkers/CVE-2019-17427 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:40:15.424Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4574", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "20191119 [SECURITY] [DSA 4574-1] redmine security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "name": "USN-4200-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4200-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/RealLinkers/CVE-2019-17427" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-07T18:37:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4574", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "20191119 [SECURITY] [DSA 4574-1] redmine security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "name": "USN-4200-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4200-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/RealLinkers/CVE-2019-17427" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17427", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4574", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "20191119 [SECURITY] [DSA 4574-1] redmine security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "name": "USN-4200-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4200-1/" }, { "name": "https://github.com/RealLinkers/CVE-2019-17427", "refsource": "MISC", "url": "https://github.com/RealLinkers/CVE-2019-17427" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17427", "datePublished": "2019-10-10T00:42:09", "dateReserved": "2019-10-10T00:00:00", "dateUpdated": "2024-08-05T01:40:15.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-30164
Vulnerability from cvelistv5
Published
2021-04-06 07:58
Modified
2024-08-03 22:24
Summary
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:24:59.685Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-30164", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to 
bypass the add_issue_notes permission requirement by leveraging the Issues API." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-30164", "datePublished": "2021-04-06T07:58:51", "dateReserved": "2021-04-06T00:00:00", "dateUpdated": "2024-08-03T22:24:59.685Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8537
Vulnerability from cvelistv5
Published
2016-04-12 14:00
Modified
2024-08-06 08:20
Summary
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.
References
| URL | Tags |
|---|---|
| http://www.redmine.org/news/103 | x_refsource_CONFIRM |
| https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56 | x_refsource_CONFIRM |
| http://www.debian.org/security/2016/dsa-3529 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:42.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/news/103" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-12T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/news/103" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3529" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8537", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.redmine.org/news/103", "refsource": "CONFIRM", "url": "http://www.redmine.org/news/103" }, { "name": "https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56" }, { "name": "DSA-3529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3529" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8537", "datePublished": "2016-04-12T14:00:00", "dateReserved": "2015-12-10T00:00:00", "dateUpdated": "2024-08-06T08:20:42.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2054
Vulnerability from cvelistv5
Published
2012-04-04 10:00
Modified
2024-09-16 20:17
Summary
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.
References
| URL | Tags |
|---|---|
| http://www.redmine.org/versions/42 | x_refsource_CONFIRM |
| http://www.redmine.org/issues/10390 | x_refsource_CONFIRM |
| http://www.redmine.org/boards/2/topics/29343 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:17:27.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/versions/42" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/issues/10390" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/boards/2/topics/29343" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model\u0027s attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a \"mass assignment\" vulnerability, a different vulnerability than CVE-2012-0327." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-04-04T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/versions/42" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/issues/10390" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/boards/2/topics/29343" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2054", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model\u0027s attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a \"mass assignment\" vulnerability, a different vulnerability than CVE-2012-0327." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.redmine.org/versions/42", "refsource": "CONFIRM", "url": "http://www.redmine.org/versions/42" }, { "name": "http://www.redmine.org/issues/10390", "refsource": "CONFIRM", "url": "http://www.redmine.org/issues/10390" }, { "name": "http://www.redmine.org/boards/2/topics/29343", "refsource": "CONFIRM", "url": "http://www.redmine.org/boards/2/topics/29343" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2054", "datePublished": "2012-04-04T10:00:00Z", "dateReserved": "2012-04-04T00:00:00Z", "dateUpdated": "2024-09-16T20:17:00.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29274
Vulnerability from cvelistv5
Published
2021-03-29 03:46
Modified
2024-08-03 22:02
Summary
Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://www.redmine.org/issues/33846 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:02:51.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/issues/33846" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine 4.1.x before 4.1.2 allows XSS because an issue\u0027s subject is mishandled in the auto complete tip." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-29T05:12:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/issues/33846" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-29274", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine 4.1.x before 4.1.2 allows XSS because an issue\u0027s subject is mishandled in the auto complete tip." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/issues/33846", "refsource": "MISC", "url": "https://www.redmine.org/issues/33846" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-29274", "datePublished": "2021-03-29T03:46:59", "dateReserved": "2021-03-29T00:00:00", "dateUpdated": "2024-08-03T22:02:51.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8346
Vulnerability from cvelistv5
Published
2016-04-12 14:00
Modified
2024-08-06 08:13
Summary
app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/issues/21150 | x_refsource_CONFIRM | |
http://www.redmine.org/news/102 | x_refsource_CONFIRM | |
http://www.debian.org/security/2016/dsa-3529 | vendor-advisory, x_refsource_DEBIAN | |
https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:13:32.347Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/21150" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/news/102" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-12T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/21150" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/news/102" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8346", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/issues/21150", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/21150" }, { "name": "http://www.redmine.org/news/102", "refsource": "CONFIRM", "url": "http://www.redmine.org/news/102" }, { "name": "DSA-3529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3529" }, { "name": "https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8346", "datePublished": "2016-04-12T14:00:00", "dateReserved": "2015-11-25T00:00:00", "dateUpdated": "2024-08-06T08:13:32.347Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15574
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Summary
In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/issues/24199 | x_refsource_CONFIRM | |
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM | |
https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.064Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/24199" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/24199" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15574", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.6 and 3.3.x 
before 3.3.3, stored XSS is possible by using an SVG document as an attachment." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/issues/24199", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/24199" }, { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15574", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.064Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31866
Vulnerability from cvelistv5
Published
2021-04-28 06:16
Modified
2024-08-03 23:10
Summary
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://www.redmine.org/news/131 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:30.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31866", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/news/131", "refsource": "MISC", "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31866", "datePublished": "2021-04-28T06:16:31", "dateReserved": "2021-04-28T00:00:00", "dateUpdated": "2024-08-03T23:10:30.823Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15573
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Summary
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM | |
https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN | |
https://www.redmine.org/issues/25503 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.050Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/25503" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/25503" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15573", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.6 and 3.3.x before 
3.3.3, XSS exists because markup is mishandled in wiki content." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/issues/25503", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/25503" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15573", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.050Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-30163
Vulnerability from cvelistv5
Published
2021-04-06 07:59
Modified
2024-08-03 22:24
Summary
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:24:59.642Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-30163", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.8 and 4.1.x 
before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-30163", "datePublished": "2021-04-06T07:59:55", "dateReserved": "2021-04-06T00:00:00", "dateUpdated": "2024-08-03T22:24:59.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15572
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Summary
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM | |
https://www.redmine.org/issues/24416 | x_refsource_CONFIRM | |
https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.013Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/24416" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/24416" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15572", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/issues/24416", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/24416" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15572", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.013Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31865
Vulnerability from cvelistv5
Published
2021-04-28 06:16
Modified
2024-08-03 23:10
Summary
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://www.redmine.org/news/131 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:30.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31865", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": 
"MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/news/131", "refsource": "MISC", "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31865", "datePublished": "2021-04-28T06:16:47", "dateReserved": "2021-04-28T00:00:00", "dateUpdated": "2024-08-03T23:10:30.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-1985
Vulnerability from cvelistv5
Published
2014-04-11 14:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).
References
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html | third-party-advisory, x_refsource_JVNDB |
| http://www.redmine.org/projects/redmine/wiki/Changelog | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN93004610/index.html | third-party-advisory, x_refsource_JVN |
| https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3 | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2014/q2/84 | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/66674 | vdb-entry, x_refsource_BID |
| http://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
| http://secunia.com/advisories/57524 | third-party-advisory, x_refsource_SECUNIA |
| http://www.redmine.org/projects/redmine/wiki/Changelog_2_4 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:58:15.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVNDB-2014-000041", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/projects/redmine/wiki/Changelog" }, { "name": "JVN#93004610", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN93004610/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3" }, { "name": "[oss-security] 20140410 Re: CVE request: redmine open redirector", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q2/84" }, { "name": "66674", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66674" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "57524", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57524" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/projects/redmine/wiki/Changelog_2_4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing 
attacks via a URL in the back url (back_url parameter)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-15T17:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVNDB-2014-000041", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/projects/redmine/wiki/Changelog" }, { "name": "JVN#93004610", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN93004610/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3" }, { "name": "[oss-security] 20140410 Re: CVE request: redmine open redirector", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q2/84" }, { "name": "66674", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66674" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "57524", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57524" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/projects/redmine/wiki/Changelog_2_4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-1985", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open redirect vulnerability in the redirect_back_or_default 
function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVNDB-2014-000041", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html" }, { "name": "http://www.redmine.org/projects/redmine/wiki/Changelog", "refsource": "CONFIRM", "url": "http://www.redmine.org/projects/redmine/wiki/Changelog" }, { "name": "JVN#93004610", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN93004610/index.html" }, { "name": "https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3" }, { "name": "[oss-security] 20140410 Re: CVE request: redmine open redirector", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/84" }, { "name": "66674", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66674" }, { "name": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "57524", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57524" }, { "name": "http://www.redmine.org/projects/redmine/wiki/Changelog_2_4", "refsource": "CONFIRM", "url": "http://www.redmine.org/projects/redmine/wiki/Changelog_2_4" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-1985", "datePublished": "2014-04-11T14:00:00", "dateReserved": "2014-02-17T00:00:00", "dateUpdated": "2024-08-06T09:58:15.770Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" 
}
cve-2022-44637
Vulnerability from cvelistv5
Published
2022-12-12 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:04.089Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-44637", "datePublished": "2022-12-12T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-03T13:54:04.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-36307
Vulnerability from cvelistv5
Published
2021-04-06 07:59
Modified
2024-08-04 17:23
Severity ?
EPSS score ?
Summary
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:23:10.072Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36307", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36307", "datePublished": "2021-04-06T07:59:32", "dateReserved": "2021-04-06T00:00:00", "dateUpdated": "2024-08-04T17:23:10.072Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8477
Vulnerability from cvelistv5
Published
2017-05-23 03:56
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2015/12/05/8 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2015/12/05/7 | mailing-list, x_refsource_MLIST |
| http://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
| https://www.redmine.org/issues/19117 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:41.758Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG" }, { "name": "[oss-security] 20151205 Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/05/8" }, { "name": "[oss-security] 20151205 Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/05/7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/19117" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-23T01:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG" }, { "name": "[oss-security] 20151205 Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/05/8" }, { "name": "[oss-security] 20151205 Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/05/7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/19117" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8477", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG" }, { "name": "[oss-security] 20151205 Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/05/8" }, { "name": "[oss-security] 20151205 Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/05/7" }, { "name": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/issues/19117", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/19117" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8477", "datePublished": "2017-05-23T03:56:00", "dateReserved": "2015-12-05T00:00:00", "dateUpdated": "2024-08-06T08:20:41.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44030
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 13:47
Severity ?
EPSS score ?
Summary
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:47:05.489Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_transferred" ], "url": "https://www.redmine.org/news/139" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "url": "https://www.redmine.org/news/139" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-44030", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-10-30T00:00:00", "dateUpdated": "2024-08-03T13:47:05.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8473
Vulnerability from cvelistv5
Published
2016-04-12 14:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/78621 | vdb-entry, x_refsource_BID |
| https://www.redmine.org/projects/redmine/wiki/Changelog_3_0 | x_refsource_CONFIRM |
| https://www.redmine.org/issues/21136 | x_refsource_CONFIRM |
| https://www.redmine.org/versions/105 | x_refsource_CONFIRM |
| https://www.redmine.org/projects/redmine/wiki/Changelog_3_1 | x_refsource_CONFIRM |
| http://www.debian.org/security/2016/dsa-3529 | vendor-advisory, x_refsource_DEBIAN |
| https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:41.872Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "78621", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/78621" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_0" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/21136" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/versions/105" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_1" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-12T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "78621", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/78621" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_0" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/21136" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/versions/105" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_1" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8473", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "78621", "refsource": "BID", "url": "http://www.securityfocus.com/bid/78621" }, { "name": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_0", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_0" }, { "name": "https://www.redmine.org/issues/21136", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/21136" }, { "name": "https://www.redmine.org/versions/105", "refsource": "CONFIRM", "url": "https://www.redmine.org/versions/105" }, { "name": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_1", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_1" }, { "name": "DSA-3529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3529" }, { "name": "https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8473", "datePublished": "2016-04-12T14:00:00", "dateReserved": "2015-12-04T00:00:00", "dateUpdated": "2024-08-06T08:20:41.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10515
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-06 03:21
Severity ?
EPSS score ?
Summary
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:21:52.171Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T02:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10515", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10515", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-06T03:21:52.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-36306
Vulnerability from cvelistv5
Published
2021-04-06 07:59
Modified
2024-08-04 17:23
Severity ?
EPSS score ?
Summary
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:23:10.234Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36306", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36306", "datePublished": "2021-04-06T07:59:42", "dateReserved": "2021-04-06T00:00:00", "dateUpdated": "2024-08-04T17:23:10.234Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15577
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN |
| https://www.redmine.org/issues/23793 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.038Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/23793" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/23793" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15577", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": 
"Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/issues/23793", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/23793" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15577", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15569
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM | |
https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN | |
https://www.redmine.org/issues/27186 | x_refsource_CONFIRM | |
https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.010Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/27186" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/27186" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15569", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/issues/27186", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/27186" }, { "name": "https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15569", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.010Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15570
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM | |
https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b | x_refsource_CONFIRM | |
https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN | |
https://www.redmine.org/issues/27186 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/27186" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/27186" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15570", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/issues/27186", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/27186" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15570", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1723
Vulnerability from cvelistv5
Published
2011-04-19 19:00
Modified
2024-08-06 22:37
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/47193 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/43999 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/517355/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.vupen.com/english/advisories/2011/0895 | vdb-entry, x_refsource_VUPEN | |
http://securityreason.com/securityalert/8211 | third-party-advisory, x_refsource_SREASON | |
http://osvdb.org/71564 | vdb-entry, x_refsource_OSVDB | |
http://www.redmine.org/news/53 | x_refsource_CONFIRM | |
http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/ | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/66612 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.730Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "47193", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47193" }, { "name": "43999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43999" }, { "name": "20110406 XSS Vulnerability in Redmine 1.0.1 to 1.1.1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/517355/100/0/threaded" }, { "name": "ADV-2011-0895", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0895" }, { "name": "8211", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8211" }, { "name": "71564", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/71564" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/news/53" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/" }, { "name": "redmine-base-xss(66612)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66612" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. 
NOTE: some of these details are obtained from third party information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "47193", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47193" }, { "name": "43999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43999" }, { "name": "20110406 XSS Vulnerability in Redmine 1.0.1 to 1.1.1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/517355/100/0/threaded" }, { "name": "ADV-2011-0895", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0895" }, { "name": "8211", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8211" }, { "name": "71564", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/71564" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/news/53" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/" }, { "name": "redmine-base-xss(66612)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66612" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1723", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 
1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "47193", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47193" }, { "name": "43999", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43999" }, { "name": "20110406 XSS Vulnerability in Redmine 1.0.1 to 1.1.1", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517355/100/0/threaded" }, { "name": "ADV-2011-0895", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0895" }, { "name": "8211", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8211" }, { "name": "71564", "refsource": "OSVDB", "url": "http://osvdb.org/71564" }, { "name": "http://www.redmine.org/news/53", "refsource": "CONFIRM", "url": "http://www.redmine.org/news/53" }, { "name": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/", "refsource": "MISC", "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/" }, { "name": "redmine-base-xss(66612)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66612" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1723", "datePublished": "2011-04-19T19:00:00", "dateReserved": "2011-04-19T00:00:00", "dateUpdated": "2024-08-06T22:37:25.730Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37156
Vulnerability from cvelistv5
Published
2021-08-05 20:36
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://www.redmine.org/news/132 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:16:02.538Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/news/132" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user\u0027s account, but the intended behavior is for those sessions to be terminated." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-05T20:36:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/news/132" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-37156", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user\u0027s account, but the intended behavior is for those sessions to be terminated." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/news/132", "refsource": "MISC", "url": "https://www.redmine.org/news/132" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-37156", "datePublished": "2021-08-05T20:36:35", "dateReserved": "2021-07-21T00:00:00", "dateUpdated": "2024-08-04T01:16:02.538Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4928
Vulnerability from cvelistv5
Published
2012-10-08 18:00
Modified
2024-09-17 00:20
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/01/06/5 | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2011/dsa-2261 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2012/01/06/7 | mailing-list, x_refsource_MLIST | |
http://www.redmine.org/news/49 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:38.307Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/news/49" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-08T18:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/news/49" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4928", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "name": "http://www.redmine.org/news/49", "refsource": "CONFIRM", "url": "http://www.redmine.org/news/49" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4928", "datePublished": "2012-10-08T18:00:00Z", "dateReserved": "2011-12-23T00:00:00Z", "dateUpdated": "2024-09-17T00:20:46.948Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15568
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM | |
https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448 | x_refsource_CONFIRM | |
https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN | |
https://www.redmine.org/issues/27186 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.008Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/27186" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/27186" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15568", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/issues/27186", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/27186" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15568", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.008Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4927
Vulnerability from cvelistv5
Published
2012-10-08 18:00
Modified
2024-09-16 20:31
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/01/06/5 | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2011/dsa-2261 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2012/01/06/7 | mailing-list, x_refsource_MLIST | |
http://www.redmine.org/news/49 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:39.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/news/49" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-08T18:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/news/49" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4927", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "name": "http://www.redmine.org/news/49", "refsource": "CONFIRM", "url": "http://www.redmine.org/news/49" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4927", "datePublished": "2012-10-08T18:00:00Z", "dateReserved": "2011-12-23T00:00:00Z", "dateUpdated": "2024-09-16T20:31:20.133Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18026
Vulnerability from cvelistv5
Published
2018-01-10 09:00
Modified
2024-08-05 21:06
Severity ?
EPSS score ?
Summary
Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536.
References
▼ | URL | Tags |
---|---|---|
https://www.redmine.org/issues/27516 | x_refsource_MISC | |
https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678 | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN | |
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd | x_refsource_MISC | |
https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:06:50.143Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/issues/27516" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/issues/27516" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18026", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/issues/27516", "refsource": "MISC", "url": "https://www.redmine.org/issues/27516" }, { "name": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678", "refsource": "MISC", "url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd", "refsource": "MISC", "url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd" }, { "name": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e", "refsource": "MISC", "url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18026", "datePublished": "2018-01-10T09:00:00", "dateReserved": "2018-01-10T00:00:00", "dateUpdated": "2024-08-05T21:06:50.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
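cve-2017-15570
Vulnerability from fkie_nvd
Published
2017-10-18 02:29
Modified
2024-11-21 03:14
Severity: MEDIUM (CVSS v3.0 base score 6.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS v2 base score 4.3), per the NVD metrics in this record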
Summary
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b | Patch, Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/issues/27186 | Permissions Required, Vendor Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/issues/27186 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "506353CE-8310-44AC-B47C-4F3752DB7D0E", "versionEndIncluding": "3.2.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "196CF994-54D8-4E36-B37E-EAF1CC108F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AE4FC9C-3291-4344-81D5-83BA91D52FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "67E1F17B-7B25-48B3-8953-18C47D99B443", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9ADF69D6-449E-4845-811D-D588B4D05665", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEAD6AFD-E3DE-4E0F-A2C8-78A1CD316A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "22FD314E-A7E6-4073-BC98-452B9C5826E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6982CC59-BE97-400C-A653-47AD6802C3F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "4D6A2E76-528B-48FA-89A4-B6BEE20E901A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data." 
}, { "lang": "es", "value": "En Redmine en versiones anteriores a la 3.2.8, 3.3.x en versiones anteriores a la 3.3.5 y 3.4.x en versiones anteriores a la 3.4.3, existe XSS en app/views/timelog/_list.html.erb mediante datos de columna manipulados." } ], "id": "CVE-2017-15570", "lastModified": "2024-11-21T03:14:46.333", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-18T02:29:00.373", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/27186" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/27186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
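cve-2023-47258
Vulnerability from fkie_nvd
Published
2023-11-05 04:15
Modified
2024-11-21 08:30
Severity: MEDIUM (CVSS v3.1 base score 6.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N), per the NVD metrics in this record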
Summary
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "039E83BB-5C46-4C23-B7B4-933991913BF1", "versionEndExcluding": "4.2.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "88E2C892-4D46-421F-8479-08AE3B447918", "versionEndExcluding": "5.0.6", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter." }, { "lang": "es", "value": "Redmine anterior a 4.2.11 y 5.0.x anterior a 5.0.6 permite XSS en un formateador Markdown." } ], "id": "CVE-2023-47258", "lastModified": "2024-11-21T08:30:04.243", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-05T04:15:10.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
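cve-2023-47259
Vulnerability from fkie_nvd
Published
2023-11-05 04:15
Modified
2024-11-21 08:30
Severity: MEDIUM (CVSS v3.1 base score 6.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N), per the NVD metrics in this record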
Summary
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "039E83BB-5C46-4C23-B7B4-933991913BF1", "versionEndExcluding": "4.2.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "88E2C892-4D46-421F-8479-08AE3B447918", "versionEndExcluding": "5.0.6", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter." }, { "lang": "es", "value": "Redmine anterior a 4.2.11 y 5.0.x anterior a 5.0.6 permite XSS en el formateador textil." } ], "id": "CVE-2023-47259", "lastModified": "2024-11-21T08:30:04.403", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-05T04:15:10.453", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
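cve-2021-31865
Vulnerability from fkie_nvd
Published
2021-04-28 07:15
Modified
2024-11-21 06:06
Severity: MEDIUM (CVSS v3.1 base score 5.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N; CVSS v2 base score 5.0), per the NVD metrics in this record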
Summary
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/news/131 | Vendor Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/news/131 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "9945EED3-D23D-4055-9A7D-0FF5956B838E", "versionEndExcluding": "4.0.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "80ACD361-2874-4B70-88F1-3999025D6192", "versionEndExcluding": "4.1.3", "versionStartIncluding": "4.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECC28D7C-7E3E-406A-B0EC-41F58BA06981", "versionEndExcluding": "4.2.1", "versionStartIncluding": "4.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments." 
}, { "lang": "es", "value": "Redmine versiones anteriores a 4.0.9, versiones 4.1.x anteriores a 4.1.3 y versiones 4.2.x anteriores a 4.2.1, permite a usuarios omitir unas extensiones de nombre de archivo permitidas de archivos adjuntos cargados" } ], "id": "CVE-2021-31865", "lastModified": "2024-11-21T06:06:23.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-28T07:15:07.637", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/news/131" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/news/131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
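cve-2017-15577
Vulnerability from fkie_nvd
Published
2017-10-18 02:29
Modified
2024-11-21 03:14
Severity: HIGH (CVSS v3.0 base score 7.5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; CVSS v2 base score 5.0), per the NVD metrics in this record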
Summary
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/issues/23793 | Permissions Required | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/issues/23793 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "220736DC-879E-4ECD-A37A-C512D2DC4E1B", "versionEndIncluding": "3.2.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "196CF994-54D8-4E36-B37E-EAF1CC108F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AE4FC9C-3291-4344-81D5-83BA91D52FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "67E1F17B-7B25-48B3-8953-18C47D99B443", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information." }, { "lang": "es", "value": "Redmine en versiones anteriores a la 3.2.6 y 3.3.x en versiones anteriores a la 3.3.3 gestiona de manera incorrecta la presentaci\u00f3n de enlaces wiki, lo que permite que atacantes remotos obtengan informaci\u00f3n sensible." 
} ], "id": "CVE-2017-15577", "lastModified": "2024-11-21T03:14:47.387", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-18T02:29:00.623", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://www.redmine.org/issues/23793" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://www.redmine.org/issues/23793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
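cve-2015-8537
Vulnerability from fkie_nvd
Published
2016-04-12 14:59
Modified
2024-11-21 02:38
Severity: MEDIUM (CVSS v3.0 base score 5.3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N; CVSS v2 base score 5.0), per the NVD metrics in this record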
Summary
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9CDB9B4-C1A9-4BA6-A994-F6A47A6A1674", "versionEndIncluding": "2.6.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ABA423C8-BBDF-4241-BF9C-5D787B8D5D6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "181CE1D0-046D-4BF6-8ED1-A246D277EF95", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D29032E5-7A51-464C-A88D-A46AA41D7A9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B342C54A-29D4-45BD-A602-8C79C691E071", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B3FF043B-EBE7-468C-AF1D-D65ACF9AFA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "086B834B-6585-4CF8-A268-FC4299577676", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E818E816-8883-47DD-AADD-8258605AB5BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBF1967-2317-4888-9A18-097384C40DDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B0B66CA0-3E2B-43BA-8A00-25E4EF8C4661", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "905A5D43-A980-40F2-A2B5-A2FB1FA3A4A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": 
"app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed." }, { "lang": "es", "value": "app/views/journals/index.builder en Redmine en versiones anteriores a 2.6.9, 3.0.x en versiones anteriores a 3.0.7 y 3.1.x en versiones anteriores a 3.1.3 permite a atacantes remotos obtener informaci\u00f3n sensible visualizando un feed Atom." } ], "id": "CVE-2015-8537", "lastModified": "2024-11-21T02:38:41.023", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-12T14:59:06.210", "references": [ { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3529" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redmine.org/news/103" }, { "source": "cve@mitre.org", "url": "https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.debian.org/security/2016/dsa-3529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redmine.org/news/103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
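cve-2021-30163
Vulnerability from fkie_nvd
Published
2021-04-06 08:15
Modified
2024-11-21 06:03
Severity: HIGH (CVSS v3.1 base score 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N; CVSS v2 base score 5.0), per the NVD metrics in this record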
Summary
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Not Applicable |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "B01D9D78-8543-4E85-A3FD-C8140231AB5A", "versionEndExcluding": "4.0.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A1390D7-9645-4FF3-9D85-3ACFF241260F", "versionEndExcluding": "4.1.2", "versionStartIncluding": "4.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values." }, { "lang": "es", "value": "Redmine versiones anteriores a 4.0.8 y versiones 4.1.x anteriores a 4.1.2, permite a atacantes detectar los nombres de proyectos privados si se presentan detalles del diario de problemas que poseen cambios en unos valores de project_id" } ], "id": "CVE-2021-30163", "lastModified": "2024-11-21T06:03:25.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-06T08:15:12.513", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-08 18:55
Modified
2024-11-21 01:33
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N, as scored by NVD in the record below)
Summary
Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redmine | redmine | * | |
redmine | redmine | 0.1.0 | |
redmine | redmine | 0.2.1 | |
redmine | redmine | 0.2.2 | |
redmine | redmine | 0.3.0 | |
redmine | redmine | 0.4.0 | |
redmine | redmine | 0.4.1 | |
redmine | redmine | 0.4.2 | |
redmine | redmine | 0.5.0 | |
redmine | redmine | 0.5.1 | |
redmine | redmine | 0.6.0 | |
redmine | redmine | 0.6.1 | |
redmine | redmine | 0.6.2 | |
redmine | redmine | 0.6.3 | |
redmine | redmine | 0.6.4 | |
redmine | redmine | 0.7.0 | |
redmine | redmine | 0.7.0 rc1 | |
redmine | redmine | 0.7.1 | |
redmine | redmine | 0.7.2 | |
redmine | redmine | 0.7.3 | |
redmine | redmine | 0.7.4 | |
redmine | redmine | 0.8.0 | |
redmine | redmine | 0.8.0 rc1 | |
redmine | redmine | 0.8.1 | |
redmine | redmine | 0.8.2 | |
redmine | redmine | 0.8.3 | |
redmine | redmine | 0.8.4 | |
redmine | redmine | 0.8.5 | |
redmine | redmine | 0.8.6 | |
redmine | redmine | 0.8.7 | |
redmine | redmine | 0.9.0 | |
redmine | redmine | 0.9.1 | |
redmine | redmine | 0.9.2 | |
redmine | redmine | 0.9.3 | |
redmine | redmine | 0.9.4 | |
redmine | redmine | 0.9.5 | |
redmine | redmine | 0.9.6 | |
redmine | redmine | 1.0.0 | |
redmine | redmine | 1.0.1 | |
redmine | redmine | 1.0.2 | |
redmine | redmine | 1.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "F28066C8-0451-4769-8C83-9ED1D31FB9E3", "versionEndIncluding": "1.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCCB74CF-B69C-4ACF-B676-17082D54A769", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D0254A2D-10A5-4843-BE58-72A3B5284DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E19773B3-33A6-439A-93BB-1FB4FA86D4D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1314065B-1B7A-41BC-89F2-EAEE8EA8A6BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0BE09F2-954D-4A3E-B2D1-981EEF6AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBEA2E09-2CA8-4999-A841-02A8488F851A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F99DB71A-FBBE-4FFF-8EC6-D0EDAE8EDEF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF1E2430-4FFB-4AB4-A2BD-55711486D257", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "0026FFCE-D748-41F4-B4E8-9852B3ED9532", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "554098E4-A9E5-4153-B8CD-8C987B7A8527", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "117F62E1-BEC6-416F-AD68-BC1AA260CC1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "086659CB-5DD4-4B19-8223-76A85DF82D46", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "1850A5B4-747D-4D6F-B625-7DE4857790E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE853B-C003-4C9F-9A00-AF84CCD0A05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E235F356-CE27-4CFC-A064-D93E3FE0C7AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F66B7C8-0D70-4E53-90BC-938101BEB3B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4EDE791-F1E6-4E9C-9924-9AA8A34A2D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "A25E4182-E8BE-45BC-A591-463963D51341", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "450BD64C-120C-4803-84D8-7A2186B148B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "650A5A39-D2F1-41D1-B985-7051D0035B50", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "0012C0B4-0B5A-4588-A81F-32652DECDA45", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "052CA2E7-73E8-4BA2-A98E-A527D635505D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D961E2C0-4061-4CCA-AA6A-6CB3AA096933", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B91BB4D5-4700-4874-8473-5CF8C9A39B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "69C39736-8851-4072-89C7-9635CC28BD02", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F8C1857C-A87F-4BE1-A4D9-458310DF0F3B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECBDF1A1-9739-4725-B3F8-D43A1847AB29", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "D2E33486-ECAA-4568-86EE-40CAE068040A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "DDB7D5EA-D7CE-429B-BDD7-1908460FC539", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7129BEFA-1A70-43A8-A27B-EA1B2B8BDF75", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2C96214-FB72-4423-AFCD-D66E531BD6C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "4AAF1F2E-7E6A-4F22-9511-77B4173239E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "785C388F-C871-4DE9-B636-5B127C71B017", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "40F5A2B6-F225-4091-A491-B316D31A0C0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BA62C29-81F4-45E0-AFB6-E017AC207730", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "BBAA9096-AD1A-4C5B-92C6-00A46D41A5E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B86BADC4-2765-40C9-8D95-C6628497F292", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DED843A9-D03E-457B-AC21-784CF6197C83", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CB464C7-DEE0-4AF5-A782-D14965C76970", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"1B8E588D-54E8-4E9F-A191-965923AF7DB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el formateador texttile en Redmine anterior a v1.0.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores desconocidos." } ], "id": "CVE-2011-4928", "lastModified": "2024-11-21T01:33:19.023", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-10-08T18:55:00.997", "references": [ { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2261" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redmine.org/news/49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redmine.org/news/49" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-08 02:00
Modified
2024-11-21 00:51
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N, as scored by NVD in the record below)
Summary
Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redmine | redmine | * | |
redmine | redmine | 0.1.0 | |
redmine | redmine | 0.2.1 | |
redmine | redmine | 0.2.2 | |
redmine | redmine | 0.3.0 | |
redmine | redmine | 0.4.0 | |
redmine | redmine | 0.4.1 | |
redmine | redmine | 0.4.2 | |
redmine | redmine | 0.5.0 | |
redmine | redmine | 0.5.1 | |
redmine | redmine | 0.6.0 | |
redmine | redmine | 0.6.1 | |
redmine | redmine | 0.6.2 | |
redmine | redmine | 0.6.3 | |
redmine | redmine | 0.6.4 | |
redmine | redmine | 0.7.0 | |
redmine | redmine | 0.7.0 rc1 | |
redmine | redmine | 0.7.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "64580467-2FAB-4103-9F61-BC398C575B0D", "versionEndIncluding": "0.7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCCB74CF-B69C-4ACF-B676-17082D54A769", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D0254A2D-10A5-4843-BE58-72A3B5284DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E19773B3-33A6-439A-93BB-1FB4FA86D4D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1314065B-1B7A-41BC-89F2-EAEE8EA8A6BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0BE09F2-954D-4A3E-B2D1-981EEF6AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBEA2E09-2CA8-4999-A841-02A8488F851A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F99DB71A-FBBE-4FFF-8EC6-D0EDAE8EDEF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF1E2430-4FFB-4AB4-A2BD-55711486D257", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "0026FFCE-D748-41F4-B4E8-9852B3ED9532", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "554098E4-A9E5-4153-B8CD-8C987B7A8527", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "117F62E1-BEC6-416F-AD68-BC1AA260CC1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "086659CB-5DD4-4B19-8223-76A85DF82D46", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "1850A5B4-747D-4D6F-B625-7DE4857790E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE853B-C003-4C9F-9A00-AF84CCD0A05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E235F356-CE27-4CFC-A064-D93E3FE0C7AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F66B7C8-0D70-4E53-90BC-938101BEB3B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4EDE791-F1E6-4E9C-9924-9AA8A34A2D36", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Redmine 0.7.2 y versiones anteriores que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2008-4481", "lastModified": "2024-11-21T00:51:47.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-10-08T02:00:01.220", "references": [ { "source": "cve@mitre.org", "url": "http://jvn.jp/en/jp/JVN00945448/index.html" }, { "source": "cve@mitre.org", "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000038.html" }, { "source": "cve@mitre.org", "url": "http://www.redmine.org/wiki/redmine/Changelog" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/30241" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN00945448/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redmine.org/wiki/redmine/Changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/30241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43884" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-10 09:29
Modified
2024-11-21 03:19
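Severity: HIGH (CVSS v3.0 base score 8.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); MEDIUM under CVSS v2 (base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P), as scored by NVD in the record below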
Summary
Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "57E15DAF-8ECD-442F-B197-79CEE2D81138", "versionEndExcluding": "3.2.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "209D5EFB-2B31-4671-95B2-F7652E479373", "versionEndExcluding": "3.3.6", "versionStartIncluding": "3.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "C595C3F2-6738-4B76-BB16-F19697A846A2", "versionEndExcluding": "3.4.4", "versionStartIncluding": "3.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536." }, { "lang": "es", "value": "Redmine en versiones anteriores a la 3.2.9, 3.3.x anteriores a 3.3.6 y 3.4.x anteriores a 3.4.4 no bloquea los flags --config y --debugger en el programa Mercurial hg, lo que permite que los atacantes remotos ejecuten comandos arbitrarios (mediante el adaptador Mercurial) por medio de vectores que involucran una rama cuyo nombre empieza con una subcadena --config= o --debugger=. Esta vulnerabilidad est\u00e1 relacionada con CVE-2017-17536." 
} ], "id": "CVE-2017-18026", "lastModified": "2024-11-21T03:19:11.917", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-10T09:29:00.190", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://www.redmine.org/issues/27516" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], 
"url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://www.redmine.org/issues/27516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-06 23:15
Modified
2024-11-21 07:27
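Severity: HIGH (CVSS v3.1 base score 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, as scored by NVD in the record below)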
Summary
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.redmine.org/news/139 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/news/139 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC3D2DCC-4DD5-4744-BDEB-67858A8BA14C", "versionEndIncluding": "5.0.3", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user." }, { "lang": "es", "value": "Redmine 5.x anterior a 5.0.4 permite la descarga de archivos adjuntos de cualquier problema o p\u00e1gina Wiki debido a comprobaciones de permisos insuficientes. Dependiendo de la configuraci\u00f3n, esto puede requerir iniciar sesi\u00f3n como usuario registrado." } ], "id": "CVE-2022-44030", "lastModified": "2024-11-21T07:27:34.180", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-06T23:15:10.407", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.redmine.org/news/139" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.redmine.org/news/139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], 
"url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-08 18:55
Modified
2024-11-21 01:33
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P, as scored by NVD in the record below)
Summary
Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7129BEFA-1A70-43A8-A27B-EA1B2B8BDF75", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2C96214-FB72-4423-AFCD-D66E531BD6C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "4AAF1F2E-7E6A-4F22-9511-77B4173239E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "785C388F-C871-4DE9-B636-5B127C71B017", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "40F5A2B6-F225-4091-A491-B316D31A0C0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BA62C29-81F4-45E0-AFB6-E017AC207730", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "BBAA9096-AD1A-4C5B-92C6-00A46D41A5E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B86BADC4-2765-40C9-8D95-C6628497F292", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DED843A9-D03E-457B-AC21-784CF6197C83", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CB464C7-DEE0-4AF5-A782-D14965C76970", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B8E588D-54E8-4E9F-A191-965923AF7DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "31BDDECE-EF68-414B-B5D2-CEB31E25327B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote 
attackers to execute arbitrary commands via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en el adaptador repositorio bazaar en Redmine v0.9.x y v 1.0.x anterior a v1.0.5 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos." } ], "id": "CVE-2011-4929", "lastModified": "2024-11-21T01:33:19.177", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-10-08T18:55:01.057", "references": [ { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2261" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redmine.org/news/49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redmine.org/news/49" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ 
{ "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-21 18:15
Modified
2024-11-21 04:33
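Severity: MEDIUM (CVSS v3.1 base score 6.5, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N); MEDIUM under CVSS v2 (base score 4.0, AV:N/AC:L/Au:S/C:P/I:N/A:N), as scored by NVD in the record below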
Summary
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redmine | redmine | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "717FF9C2-3B5A-4157-9538-21568B6AD1D3", "versionEndExcluding": "3.3.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Redmine versiones hasta 3.2.9 y versiones 3.3.x anteriores a 3.3.10, permite a usuarios de Redmine acceder a informaci\u00f3n protegida por medio de una consulta de objeto dise\u00f1ada." } ], "id": "CVE-2019-18890", "lastModified": "2024-11-21T04:33:47.427", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, 
"exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-21T18:15:11.883", "references": [ { "source": "cve@mitre.org", "url": "https://github.com/RealLinkers/CVE-2019-18890" }, { "source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2019-18890" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4200-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/RealLinkers/CVE-2019-18890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2019-18890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4200-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 06:14
Severity: 7.5 HIGH (CVSS v3.1 base score, nvd@nist.gov)
Summary
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.redmine.org/news/132 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/news/132 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D4F0DDF-9323-4FB7-A834-261F33B95F18", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F40E2F0-1CFC-4634-ADA6-C93E59145F23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user\u0027s account, but the intended behavior is for those sessions to be terminated." }, { "lang": "es", "value": "Redmine versiones 4.2.0 y 4.2.1, permiten a las sesiones de usuario existentes continuar al habilitar la autenticaci\u00f3n de dos factores para la cuenta del usuario, pero el comportamiento previsto es que esas sesiones se terminen" } ], "id": "CVE-2021-37156", "lastModified": "2024-11-21T06:14:44.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-05T21:15:12.643", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.redmine.org/news/132" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.redmine.org/news/132" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-613" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-28 07:15
Modified
2024-11-21 06:06
Severity: 5.3 MEDIUM (CVSS v3.1 base score, nvd@nist.gov)
Summary
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/news/131 | Vendor Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/news/131 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "9945EED3-D23D-4055-9A7D-0FF5956B838E", "versionEndExcluding": "4.0.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "80ACD361-2874-4B70-88F1-3999025D6192", "versionEndExcluding": "4.1.3", "versionStartIncluding": "4.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController." }, { "lang": "es", "value": "Redmine versiones anteriores a 4.0.9 y versiones 4.1.x anteriores a 4.1.3, permite a un atacante aprender los valores de las claves de autenticaci\u00f3n internas al observar las diferencias de tiempo en las operaciones de comparaci\u00f3n de cadenas dentro de las funciones SysController y MailHandlerController" } ], "id": "CVE-2021-31866", "lastModified": "2024-11-21T06:06:23.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { 
"cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-28T07:15:07.663", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/news/131" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/news/131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-18 02:29
Modified
2024-11-21 03:14
Severity: 6.1 MEDIUM (CVSS v3.0 base score, nvd@nist.gov)
Summary
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa | Patch, Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/issues/27186 | Permissions Required, Vendor Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/issues/27186 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "506353CE-8310-44AC-B47C-4F3752DB7D0E", "versionEndIncluding": "3.2.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "196CF994-54D8-4E36-B37E-EAF1CC108F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AE4FC9C-3291-4344-81D5-83BA91D52FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "67E1F17B-7B25-48B3-8953-18C47D99B443", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9ADF69D6-449E-4845-811D-D588B4D05665", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEAD6AFD-E3DE-4E0F-A2C8-78A1CD316A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "22FD314E-A7E6-4073-BC98-452B9C5826E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6982CC59-BE97-400C-A653-47AD6802C3F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "4D6A2E76-528B-48FA-89A4-B6BEE20E901A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data." 
}, { "lang": "es", "value": "En Redmine en versiones anteriores a la 3.2.8, 3.3.x en versiones anteriores a la 3.3.5 y 3.4.x en versiones anteriores a la 3.4.3, existe XSS en app/views/issues/_list.html.erb mediante datos de columna manipulados." } ], "id": "CVE-2017-15571", "lastModified": "2024-11-21T03:14:46.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-18T02:29:00.407", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/27186" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/27186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-06 08:15
Modified
2024-11-21 05:29
Severity: 6.1 MEDIUM (CVSS v3.1 base score, nvd@nist.gov)
Summary
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Not Applicable |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "85B29967-3CDE-4713-9E98-51A9082BAA08", "versionEndExcluding": "4.0.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C7842A9-8BF2-42F1-85C1-97D5C09338B9", "versionEndExcluding": "4.1.1", "versionStartIncluding": "4.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field." }, { "lang": "es", "value": "Redmine versiones anteriores a 4.0.7 y versiones 4.1.x anteriores a 4.1.1, presenta un ataque de tipo XSS por medio del campo back_url" } ], "id": "CVE-2020-36306", "lastModified": "2024-11-21T05:29:13.743", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-06T08:15:12.167", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-08 18:55
Modified
2024-11-21 01:33
Severity: 4.0 MEDIUM (CVSS v2.0 base score, nvd@nist.gov)
Summary
Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B86BADC4-2765-40C9-8D95-C6628497F292", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DED843A9-D03E-457B-AC21-784CF6197C83", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CB464C7-DEE0-4AF5-A782-D14965C76970", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B8E588D-54E8-4E9F-A191-965923AF7DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "31BDDECE-EF68-414B-B5D2-CEB31E25327B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en el adaptador repositorio bazaar en Redmine v1.0.x anterior a v1.0.5 permite a atacantes remotos autenticados obtener informaci\u00f3n sensible mediante vectores desconocidos." 
} ], "id": "CVE-2011-4927", "lastModified": "2024-11-21T01:33:18.920", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-10-08T18:55:00.950", "references": [ { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2261" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redmine.org/news/49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redmine.org/news/49" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-18 02:29
Modified
2024-11-21 03:14
Severity: 6.1 MEDIUM (CVSS v3.0 base score, nvd@nist.gov)
Summary
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/issues/25503 | Permissions Required, Vendor Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/issues/25503 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "220736DC-879E-4ECD-A37A-C512D2DC4E1B", "versionEndIncluding": "3.2.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "196CF994-54D8-4E36-B37E-EAF1CC108F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AE4FC9C-3291-4344-81D5-83BA91D52FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "67E1F17B-7B25-48B3-8953-18C47D99B443", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content." }, { "lang": "es", "value": "En Redmine en versiones anteriores a la 3.2.6 y 3.3.x en versiones anteriores a la 3.3.3, existe XSS porque se gestiona de manera incorrecta la revisi\u00f3n en el contenido de la wiki." 
} ], "id": "CVE-2017-15573", "lastModified": "2024-11-21T03:14:46.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-18T02:29:00.483", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/25503" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/25503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-06 08:15
Modified
2024-11-21 06:03
Severity: 9.8 CRITICAL (CVSS v3.1 base score, nvd@nist.gov)
Summary
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Not Applicable |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "B01D9D78-8543-4E85-A3FD-C8140231AB5A", "versionEndExcluding": "4.0.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A1390D7-9645-4FF3-9D85-3ACFF241260F", "versionEndExcluding": "4.1.2", "versionStartIncluding": "4.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API." }, { "lang": "es", "value": "Redmine versiones anteriores a 4.0.8 y versiones 4.1.x anteriores a 4.1.2, permite a atacantes omitir el requisito de permiso add_issue_notes al aprovechar la API Issues" } ], "id": "CVE-2021-30164", "lastModified": "2024-11-21T06:03:26.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": 
"NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-06T08:15:12.573", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-28 07:15
Modified
2024-11-21 06:06
Severity: 5.3 MEDIUM (CVSS v3.1 base score, nvd@nist.gov)
Summary
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/news/131 | Vendor Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/news/131 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "9945EED3-D23D-4055-9A7D-0FF5956B838E", "versionEndExcluding": "4.0.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "80ACD361-2874-4B70-88F1-3999025D6192", "versionEndExcluding": "4.1.3", "versionStartIncluding": "4.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECC28D7C-7E3E-406A-B0EC-41F58BA06981", "versionEndExcluding": "4.2.1", "versionStartIncluding": "4.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler." 
}, { "lang": "es", "value": "Redmine versiones anteriores a 4.0.9, versiones 4.1.x anteriores a 4.1.3 y versiones 4.2.x anteriores a 4.2.1, permite a atacantes omitir el requisito de permiso de la funci\u00f3n add_issue_notes al aprovechar el controlador de correo entrante" } ], "id": "CVE-2021-31864", "lastModified": "2024-11-21T06:06:22.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-28T07:15:07.610", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/news/131" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/news/131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-18 02:29
Modified
2024-11-21 03:14
Summary
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/issues/27186 | Permissions Required, Vendor Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/issues/27186 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "506353CE-8310-44AC-B47C-4F3752DB7D0E", "versionEndIncluding": "3.2.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "196CF994-54D8-4E36-B37E-EAF1CC108F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AE4FC9C-3291-4344-81D5-83BA91D52FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "67E1F17B-7B25-48B3-8953-18C47D99B443", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9ADF69D6-449E-4845-811D-D588B4D05665", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEAD6AFD-E3DE-4E0F-A2C8-78A1CD316A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "22FD314E-A7E6-4073-BC98-452B9C5826E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6982CC59-BE97-400C-A653-47AD6802C3F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "4D6A2E76-528B-48FA-89A4-B6BEE20E901A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history." 
}, { "lang": "es", "value": "En Redmine en versiones anteriores a la 3.2.8, 3.3.x en versiones anteriores a la 3.3.5 y 3.4.x en versiones anteriores a la 3.4.3, existe XSS en app/helpers/application_helper.rb mediante un campo de m\u00faltiples valores con un valor manipulado que se gestiona de manera incorrecta durante la representaci\u00f3n del historial de problemas." } ], "id": "CVE-2017-15568", "lastModified": "2024-11-21T03:14:46.050", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-18T02:29:00.280", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/27186" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/27186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-04-05 14:55
Modified
2024-11-21 01:38
Summary
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DB2CE1C-9830-4ED9-99C7-4C8DE5218232", "versionEndIncluding": "1.3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCCB74CF-B69C-4ACF-B676-17082D54A769", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D0254A2D-10A5-4843-BE58-72A3B5284DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E19773B3-33A6-439A-93BB-1FB4FA86D4D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1314065B-1B7A-41BC-89F2-EAEE8EA8A6BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0BE09F2-954D-4A3E-B2D1-981EEF6AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBEA2E09-2CA8-4999-A841-02A8488F851A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F99DB71A-FBBE-4FFF-8EC6-D0EDAE8EDEF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF1E2430-4FFB-4AB4-A2BD-55711486D257", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "0026FFCE-D748-41F4-B4E8-9852B3ED9532", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "554098E4-A9E5-4153-B8CD-8C987B7A8527", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "117F62E1-BEC6-416F-AD68-BC1AA260CC1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "086659CB-5DD4-4B19-8223-76A85DF82D46", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "1850A5B4-747D-4D6F-B625-7DE4857790E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE853B-C003-4C9F-9A00-AF84CCD0A05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E235F356-CE27-4CFC-A064-D93E3FE0C7AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F66B7C8-0D70-4E53-90BC-938101BEB3B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4EDE791-F1E6-4E9C-9924-9AA8A34A2D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "A25E4182-E8BE-45BC-A591-463963D51341", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "450BD64C-120C-4803-84D8-7A2186B148B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "650A5A39-D2F1-41D1-B985-7051D0035B50", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "0012C0B4-0B5A-4588-A81F-32652DECDA45", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "052CA2E7-73E8-4BA2-A98E-A527D635505D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D961E2C0-4061-4CCA-AA6A-6CB3AA096933", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B91BB4D5-4700-4874-8473-5CF8C9A39B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "69C39736-8851-4072-89C7-9635CC28BD02", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F8C1857C-A87F-4BE1-A4D9-458310DF0F3B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECBDF1A1-9739-4725-B3F8-D43A1847AB29", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "D2E33486-ECAA-4568-86EE-40CAE068040A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "DDB7D5EA-D7CE-429B-BDD7-1908460FC539", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7129BEFA-1A70-43A8-A27B-EA1B2B8BDF75", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2C96214-FB72-4423-AFCD-D66E531BD6C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "4AAF1F2E-7E6A-4F22-9511-77B4173239E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "785C388F-C871-4DE9-B636-5B127C71B017", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "40F5A2B6-F225-4091-A491-B316D31A0C0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BA62C29-81F4-45E0-AFB6-E017AC207730", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "BBAA9096-AD1A-4C5B-92C6-00A46D41A5E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B86BADC4-2765-40C9-8D95-C6628497F292", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DED843A9-D03E-457B-AC21-784CF6197C83", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CB464C7-DEE0-4AF5-A782-D14965C76970", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"1B8E588D-54E8-4E9F-A191-965923AF7DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "31BDDECE-EF68-414B-B5D2-CEB31E25327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "65A4E6A2-895C-4D8D-9A7C-5DAA35704CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77E2F14-1089-4152-9AFA-943B922CEF30", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "60876FFF-6FD3-4706-945B-4A54547204BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "99AD9B02-F78B-4CD9-A17E-4E21737AA081", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA23EC17-0C98-49A6-A9FD-F3133F219770", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AACB99C-C82F-4825-AD9B-C5CDDCC60490", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6E290527-573D-43EA-8701-4E1A31B1EBBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "22C09F5D-91AD-4BE6-B3E7-5032628D762F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0E6D1873-C212-40C7-B6C6-1CF77434DBEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B623EB4-3A90-47EE-8891-431AF0919B2F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model\u0027s attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) 
Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a \"mass assignment\" vulnerability, a different vulnerability than CVE-2012-0327." }, { "lang": "es", "value": "Redmine antes de v1.3.2 no restringe adecuadamente el uso de un hash para proporcionar los valores de los atributos de un modelo, lo que permite a atacantes remotos establecer los atributos en los modelos (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board, a trav\u00e9s de una URL modificada, en relaci\u00f3n con una vulnerabilidad de \"asignacion en masa\". Se trata de una vulnerabilidad diferente a CVE-2012-0327." } ], "id": "CVE-2012-2054", "lastModified": "2024-11-21T01:38:23.870", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-04-05T14:55:05.840", "references": [ { "source": "cve@mitre.org", "url": "http://www.redmine.org/boards/2/topics/29343" }, { "source": "cve@mitre.org", "url": "http://www.redmine.org/issues/10390" }, { "source": "cve@mitre.org", "url": "http://www.redmine.org/versions/42" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redmine.org/boards/2/topics/29343" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redmine.org/issues/10390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.redmine.org/versions/42" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-06 08:15
Modified
2024-11-21 05:29
Summary
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Not Applicable |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "85B29967-3CDE-4713-9E98-51A9082BAA08", "versionEndExcluding": "4.0.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C7842A9-8BF2-42F1-85C1-97D5C09338B9", "versionEndExcluding": "4.1.1", "versionStartIncluding": "4.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links." }, { "lang": "es", "value": "Redmine versiones anteriores a 4.0.7 y versiones 4.1.x anteriores a 4.1.1, presenta un ataque de tipo XSS almacenado por medio de enlaces en l\u00ednea de textile" } ], "id": "CVE-2020-36307", "lastModified": "2024-11-21T05:29:13.920", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-06T08:15:12.260", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-18 02:29
Modified
2024-11-21 03:14
Summary
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/issues/24307 | Permissions Required | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/issues/24307 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "220736DC-879E-4ECD-A37A-C512D2DC4E1B", "versionEndIncluding": "3.2.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "196CF994-54D8-4E36-B37E-EAF1CC108F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AE4FC9C-3291-4344-81D5-83BA91D52FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "67E1F17B-7B25-48B3-8953-18C47D99B443", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project\u0027s settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact." }, { "lang": "es", "value": "En Redmine en versiones anteriores a la 3.2.6 y 3.3.x en versiones anteriores a la 3.3.3, Redmine.pm no tiene verificaci\u00f3n para cuando el m\u00f3dulo Repository est\u00e1 habilitado en la configuraci\u00f3n de un proyecto, lo que podr\u00eda permitir que atacantes remotos obtengan diferente informaci\u00f3n sensible o provoquen otro impacto sin especificar." 
} ], "id": "CVE-2017-15575", "lastModified": "2024-11-21T03:14:47.100", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-18T02:29:00.560", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://www.redmine.org/issues/24307" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://www.redmine.org/issues/24307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-18 02:29
Modified
2024-11-21 03:14
Summary
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/issues/24416 | Permissions Required, Vendor Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/issues/24416 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "220736DC-879E-4ECD-A37A-C512D2DC4E1B", "versionEndIncluding": "3.2.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "196CF994-54D8-4E36-B37E-EAF1CC108F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AE4FC9C-3291-4344-81D5-83BA91D52FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "67E1F17B-7B25-48B3-8953-18C47D99B443", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect." }, { "lang": "es", "value": "En Redmine en versiones anteriores a la 3.2.6 y 3.3.x en versiones anteriores a la 3.3.3, atacantes remotos pueden obtener informaci\u00f3n sensible (tokens de reestablecimiento de contrase\u00f1a) leyendo un registro Referer, ya que account/lost_password no emplea una redirecci\u00f3n." 
} ], "id": "CVE-2017-15572", "lastModified": "2024-11-21T03:14:46.633", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-18T02:29:00.450", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/24416" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/24416" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-23 04:29
Modified
2024-11-21 02:38
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "2912F6F4-9318-4136-85AD-0DE3B695025E", "versionEndIncluding": "2.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering." }, { "lang": "es", "value": "Vulnerabilidad de tipo Cross-site scripting (XSS) en Redmine versiones anteriores a la 2.6.2, que permitir\u00eda a atacantes remotos inyectar secuencias de comando web arbitrarias o HTML a trav\u00e9s de vectores que involucren el renderizado de mensajes flash." } ], "id": "CVE-2015-8477", "lastModified": "2024-11-21T02:38:36.943", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-23T04:29:01.117", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/05/7" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/05/8" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/19117" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/05/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/05/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/19117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-12 19:15
Modified
2024-11-21 06:27
Severity ?
Summary
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "F65CFF88-7694-4A72-BB47-485F8072B6D1", "versionEndExcluding": "4.1.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "345C2547-3EB7-4B98-9586-DE71EE70651F", "versionEndExcluding": "4.2.3", "versionStartIncluding": "4.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter." }, { "lang": "es", "value": "Redmine versiones anteriores a 4.1.5 y versiones 4.2.x anteriores a 4.2.3, pueden revelar los nombres de usuarios en las vistas de actividad debido a un filtro de acceso insuficiente" } ], "id": "CVE-2021-42326", "lastModified": "2024-11-21T06:27:36.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", 
"scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-10-12T19:15:08.047", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.redmine.org/news/133" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.redmine.org/news/133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-04-19 19:55
Modified
2024-11-21 01:26
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DED843A9-D03E-457B-AC21-784CF6197C83", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CB464C7-DEE0-4AF5-A782-D14965C76970", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B8E588D-54E8-4E9F-A191-965923AF7DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "31BDDECE-EF68-414B-B5D2-CEB31E25327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "65A4E6A2-895C-4D8D-9A7C-5DAA35704CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77E2F14-1089-4152-9AFA-943B922CEF30", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "60876FFF-6FD3-4706-945B-4A54547204BC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en app/views/layouts/base.rhtml de Redmine 1.0.1 hasta la 1.1.1. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de PATH_INFO de projects/hg-helloworld/news/. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceras partes." 
} ], "id": "CVE-2011-1723", "lastModified": "2024-11-21T01:26:52.877", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-04-19T19:55:02.077", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/71564" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43999" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8211" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redmine.org/news/53" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/517355/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47193" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0895" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/71564" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8211" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redmine.org/news/53" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/517355/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66612" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-18 02:29
Modified
2024-11-21 03:14
Severity ?
Summary
In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/issues/24199 | Permissions Required, Vendor Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/issues/24199 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "220736DC-879E-4ECD-A37A-C512D2DC4E1B", "versionEndIncluding": "3.2.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "196CF994-54D8-4E36-B37E-EAF1CC108F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AE4FC9C-3291-4344-81D5-83BA91D52FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "67E1F17B-7B25-48B3-8953-18C47D99B443", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment." }, { "lang": "es", "value": "En Redmine en versiones anteriores a la 3.2.6 y 3.3.x en versiones anteriores a la 3.3.3, es posible que se realice Cross-Site Scripting (XSS) persistente empleando un documento SVG como adjunto." 
} ], "id": "CVE-2017-15574", "lastModified": "2024-11-21T03:14:46.960", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-18T02:29:00.513", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/24199" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/24199" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-11-13 20:29
Modified
2024-11-21 03:17
Severity ?
Summary
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/issues/25713 | Permissions Required | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/issues/25713 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Issue Tracking, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "C34F71DA-BA2C-4595-B702-FF2CB4229C4B", "versionEndExcluding": "3.2.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "196CF994-54D8-4E36-B37E-EAF1CC108F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AE4FC9C-3291-4344-81D5-83BA91D52FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "67E1F17B-7B25-48B3-8953-18C47D99B443", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9ADF69D6-449E-4845-811D-D588B4D05665", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages." }, { "lang": "es", "value": "En Redmine en versiones anteriores a la 3.2.7 y las versiones 3.3.x anteriores a la 3.3.4, la funci\u00f3n reminders en app/models/mailer.rb no comprueba si un problema es visible, lo que permite que usuarios remotos autenticados obtengan informaci\u00f3n sensible leyendo mensajes de recordatorio de correo electr\u00f3nico." 
} ], "id": "CVE-2017-16804", "lastModified": "2024-11-21T03:17:00.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-11-13T20:29:00.460", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://www.redmine.org/issues/25713" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://www.redmine.org/issues/25713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-12 14:59
Modified
2024-11-21 02:38
Severity ?
Summary
app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "8759A6B4-7D3F-4337-B8E7-49E4D98BB632", "versionEndIncluding": "2.6.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ABA423C8-BBDF-4241-BF9C-5D787B8D5D6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "181CE1D0-046D-4BF6-8ED1-A246D277EF95", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D29032E5-7A51-464C-A88D-A46AA41D7A9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B342C54A-29D4-45BD-A602-8C79C691E071", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B3FF043B-EBE7-468C-AF1D-D65ACF9AFA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "086B834B-6585-4CF8-A268-FC4299577676", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBF1967-2317-4888-9A18-097384C40DDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B0B66CA0-3E2B-43BA-8A00-25E4EF8C4661", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form." 
}, { "lang": "es", "value": "app/views/timelog/_form.html.erb en Redmine en versiones anteriores a 2.6.8, 3.0.x en versiones anteriores a 3.0.6 y 3.1.x en versiones anteriores a 3.1.2 permite a atacantes remotos obtener informaci\u00f3n sensible sobre temas de problemas visualizando el formulario de tiempo de acceso." } ], "id": "CVE-2015-8346", "lastModified": "2024-11-21T02:38:20.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-12T14:59:03.147", "references": [ { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3529" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redmine.org/news/102" }, { "source": "cve@mitre.org", "url": "https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c" }, { "source": "cve@mitre.org", "url": "https://www.redmine.org/issues/21150" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3529" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redmine.org/news/102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redmine.org/issues/21150" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-199" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-11-25 22:00
Modified
2024-11-21 01:08
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redmine | redmine | * (all versions up to and including 0.8.5) | |
redmine | redmine | 0.1.0 | |
redmine | redmine | 0.2.1 | |
redmine | redmine | 0.2.2 | |
redmine | redmine | 0.3.0 | |
redmine | redmine | 0.4.0 | |
redmine | redmine | 0.4.1 | |
redmine | redmine | 0.4.2 | |
redmine | redmine | 0.5.0 | |
redmine | redmine | 0.5.1 | |
redmine | redmine | 0.6.0 | |
redmine | redmine | 0.6.1 | |
redmine | redmine | 0.6.2 | |
redmine | redmine | 0.6.3 | |
redmine | redmine | 0.6.4 | |
redmine | redmine | 0.7.0 | |
redmine | redmine | 0.7.0 (rc1) | |
redmine | redmine | 0.7.1 | |
redmine | redmine | 0.7.2 | |
redmine | redmine | 0.7.3 | |
redmine | redmine | 0.7.4 | |
redmine | redmine | 0.8.0 | |
redmine | redmine | 0.8.0 (rc1) | |
redmine | redmine | 0.8.1 | |
redmine | redmine | 0.8.2 | |
redmine | redmine | 0.8.3 | |
redmine | redmine | 0.8.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7E66CDC-BDA5-4F19-81FA-621C3F42B7A4", "versionEndIncluding": "0.8.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCCB74CF-B69C-4ACF-B676-17082D54A769", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D0254A2D-10A5-4843-BE58-72A3B5284DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E19773B3-33A6-439A-93BB-1FB4FA86D4D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1314065B-1B7A-41BC-89F2-EAEE8EA8A6BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0BE09F2-954D-4A3E-B2D1-981EEF6AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBEA2E09-2CA8-4999-A841-02A8488F851A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F99DB71A-FBBE-4FFF-8EC6-D0EDAE8EDEF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF1E2430-4FFB-4AB4-A2BD-55711486D257", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "0026FFCE-D748-41F4-B4E8-9852B3ED9532", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "554098E4-A9E5-4153-B8CD-8C987B7A8527", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "117F62E1-BEC6-416F-AD68-BC1AA260CC1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "086659CB-5DD4-4B19-8223-76A85DF82D46", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "1850A5B4-747D-4D6F-B625-7DE4857790E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE853B-C003-4C9F-9A00-AF84CCD0A05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E235F356-CE27-4CFC-A064-D93E3FE0C7AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F66B7C8-0D70-4E53-90BC-938101BEB3B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4EDE791-F1E6-4E9C-9924-9AA8A34A2D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "A25E4182-E8BE-45BC-A591-463963D51341", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "450BD64C-120C-4803-84D8-7A2186B148B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "650A5A39-D2F1-41D1-B985-7051D0035B50", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "0012C0B4-0B5A-4588-A81F-32652DECDA45", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "052CA2E7-73E8-4BA2-A98E-A527D635505D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D961E2C0-4061-4CCA-AA6A-6CB3AA096933", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B91BB4D5-4700-4874-8473-5CF8C9A39B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "69C39736-8851-4072-89C7-9635CC28BD02", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F8C1857C-A87F-4BE1-A4D9-458310DF0F3B", "vulnerable": 
true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados(XSS) en Redmine v0.8.5 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a trav\u00e9s de vectores sin especificar." } ], "id": "CVE-2009-4078", "lastModified": "2024-11-21T01:08:52.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-11-25T22:00:00.703", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://jvn.jp/en/jp/JVN01245481/index.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000073.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://rubyforge.org/frs/shownotes.php?release_id=41108" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37420" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/37066" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://jvn.jp/en/jp/JVN01245481/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000073.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://rubyforge.org/frs/shownotes.php?release_id=41108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54333" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-30 20:00
Modified
2024-11-21 01:09
Severity ?
Summary
Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redmine | redmine | * | |
redmine | redmine | 0.1.0 | |
redmine | redmine | 0.2.1 | |
redmine | redmine | 0.2.2 | |
redmine | redmine | 0.3.0 | |
redmine | redmine | 0.4.0 | |
redmine | redmine | 0.4.1 | |
redmine | redmine | 0.4.2 | |
redmine | redmine | 0.5.0 | |
redmine | redmine | 0.5.1 | |
redmine | redmine | 0.6.0 | |
redmine | redmine | 0.6.1 | |
redmine | redmine | 0.6.2 | |
redmine | redmine | 0.6.3 | |
redmine | redmine | 0.6.4 | |
redmine | redmine | 0.7.0 | |
redmine | redmine | 0.7.0 | |
redmine | redmine | 0.7.1 | |
redmine | redmine | 0.7.2 | |
redmine | redmine | 0.7.3 | |
redmine | redmine | 0.7.4 | |
redmine | redmine | 0.8.0 | |
redmine | redmine | 0.8.0 | |
redmine | redmine | 0.8.1 | |
redmine | redmine | 0.8.2 | |
redmine | redmine | 0.8.3 | |
redmine | redmine | 0.8.4 | |
redmine | redmine | 0.8.5 | |
redmine | redmine | 0.8.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D32316B-7FE5-410C-BC35-33004CEBEBA9", "versionEndIncluding": "0.8.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCCB74CF-B69C-4ACF-B676-17082D54A769", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D0254A2D-10A5-4843-BE58-72A3B5284DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E19773B3-33A6-439A-93BB-1FB4FA86D4D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1314065B-1B7A-41BC-89F2-EAEE8EA8A6BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0BE09F2-954D-4A3E-B2D1-981EEF6AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBEA2E09-2CA8-4999-A841-02A8488F851A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F99DB71A-FBBE-4FFF-8EC6-D0EDAE8EDEF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF1E2430-4FFB-4AB4-A2BD-55711486D257", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "0026FFCE-D748-41F4-B4E8-9852B3ED9532", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "554098E4-A9E5-4153-B8CD-8C987B7A8527", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "117F62E1-BEC6-416F-AD68-BC1AA260CC1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "086659CB-5DD4-4B19-8223-76A85DF82D46", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "1850A5B4-747D-4D6F-B625-7DE4857790E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE853B-C003-4C9F-9A00-AF84CCD0A05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E235F356-CE27-4CFC-A064-D93E3FE0C7AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F66B7C8-0D70-4E53-90BC-938101BEB3B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4EDE791-F1E6-4E9C-9924-9AA8A34A2D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "A25E4182-E8BE-45BC-A591-463963D51341", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "450BD64C-120C-4803-84D8-7A2186B148B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "650A5A39-D2F1-41D1-B985-7051D0035B50", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "0012C0B4-0B5A-4588-A81F-32652DECDA45", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "052CA2E7-73E8-4BA2-A98E-A527D635505D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D961E2C0-4061-4CCA-AA6A-6CB3AA096933", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B91BB4D5-4700-4874-8473-5CF8C9A39B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "69C39736-8851-4072-89C7-9635CC28BD02", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F8C1857C-A87F-4BE1-A4D9-458310DF0F3B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECBDF1A1-9739-4725-B3F8-D43A1847AB29", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "D2E33486-ECAA-4568-86EE-40CAE068040A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8." }, { "lang": "es", "value": "Redmine 0.8.7 y versiones anteriores usa la etiqueta t\u00edtulo antes de definir el caracter de codificaci\u00f3n en una etiqueta META lo que permite a atacantes remotos realizar ataques de secuencias de comandos en sitios cruzados (XSS) e inyectar secuencias de comandos de su elecci\u00f3n mediante valores con codificaci\u00f3n UTF-7 en el par\u00e1metro t\u00edtulo para una p\u00e1gina de nueva emisi\u00f3n, lo que puede ser interpretado como un script por Internet Explorer 7 y 8." 
} ], "id": "CVE-2009-4459", "lastModified": "2024-11-21T01:09:41.797", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-12-30T20:00:01.030", "references": [ { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/10554" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37425" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/10554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37425" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54947" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-04-11 14:55
Modified
2024-11-21 02:05
Severity ?
Summary
Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back_url parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "14A4B298-BCC4-4E4C-A538-28CD0E11F1A4", "versionEndIncluding": "2.4.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "86858F9B-8A3B-4667-A42B-198862F0508E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "64B5E6E0-4824-46AE-9518-A9E17FB74E84", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E13CFD7-1981-49C4-9990-713C811DC851", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "2A120F2B-AF7F-416E-929B-C2BF573F5032", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "F96EDC1C-A925-4D24-87B4-BA3AA993ABAF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter)." }, { "lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n abierta en la funci\u00f3n redirect_back_or_default en app/controllers/application_controller.rb en Redmine anterior a 2.4.5 y 2.5.x anterior a 2.5.1 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una URL en la url back (par\u00e1metro back_url)." 
} ], "id": "CVE-2014-1985", "lastModified": "2024-11-21T02:05:24.407", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-04-11T14:55:05.663", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN93004610/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://seclists.org/oss-sec/2014/q2/84" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/57524" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.redmine.org/projects/redmine/wiki/Changelog" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.redmine.org/projects/redmine/wiki/Changelog_2_4" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Exploit", "Patch" ], "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.securityfocus.com/bid/66674" }, { "source": "vultures@jpcert.or.jp", "url": "https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN93004610/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://seclists.org/oss-sec/2014/q2/84" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/57524" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redmine.org/projects/redmine/wiki/Changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redmine.org/projects/redmine/wiki/Changelog_2_4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/66674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-06 08:15
Modified
2024-11-21 05:29
Severity ?
Summary
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Not Applicable |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "85B29967-3CDE-4713-9E98-51A9082BAA08", "versionEndExcluding": "4.0.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C7842A9-8BF2-42F1-85C1-97D5C09338B9", "versionEndExcluding": "4.1.1", "versionStartIncluding": "4.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries." }, { "lang": "es", "value": "Redmine versiones anteriores a 4.0.7 y versiones 4.1.x anteriores a 4.1.1, permite a atacantes detectar el tema de un problema no visible al llevar a cabo una exportaci\u00f3n CSV y leer las entradas de tiempo" } ], "id": "CVE-2020-36308", "lastModified": "2024-11-21T05:29:14.090", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", 
"integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-06T08:15:12.307", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-10 02:05
Modified
2024-11-21 04:32
Severity ?
Summary
In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC059B85-8A61-423C-B170-C4905D519DD2", "versionEndExcluding": "3.4.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "C650CE26-B5A8-4679-8096-C6B5FDDE67A3", "versionEndExcluding": "4.0.4", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors." }, { "lang": "es", "value": "En Redmine versiones anteriores a 3.4.11 y versiones 4.0.x anteriores a 4.0.4, se presenta una vulnerabilidad de tipo XSS persistente debido a errores de formateo textile." } ], "id": "CVE-2019-17427", "lastModified": "2024-11-21T04:32:18.470", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2019-10-10T02:05:46.897", "references": [ { "source": "cve@mitre.org", "url": "https://github.com/RealLinkers/CVE-2019-17427" }, { "source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4200-1/" }, { "source": "cve@mitre.org", "url": "https://www.debian.org/security/2019/dsa-4574" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/RealLinkers/CVE-2019-17427" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4200-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2019/dsa-4574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-29 04:15
Modified
2024-11-21 06:00
Severity ?
Summary
Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.redmine.org/issues/33846 | Exploit, Vendor Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/issues/33846 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A1390D7-9645-4FF3-9D85-3ACFF241260F", "versionEndExcluding": "4.1.2", "versionStartIncluding": "4.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine 4.1.x before 4.1.2 allows XSS because an issue\u0027s subject is mishandled in the auto complete tip." }, { "lang": "es", "value": "Redmine versiones 4.1.x anteriores a 4.1.2, permite un ataque de tipo XSS porque el tema de un problema es manejado inapropiadamente en la sugerencia de autocompletar" } ], "id": "CVE-2021-29274", "lastModified": "2024-11-21T06:00:55.397", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-29T04:15:13.130", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/33846" }, { "source": 
"cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/33846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-12 03:15
Modified
2024-11-21 07:27
Severity ?
Summary
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "F078B712-B0BD-490B-B749-D3312B13B22D", "versionEndExcluding": "4.2.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "26CEDD42-39B0-4A59-BF1B-D88CF391A5A0", "versionEndExcluding": "5.0.4", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields." }, { "lang": "es", "value": "Redmine anterior a 4.2.9 y 5.0.x anterior a 5.0.4 permite XSS persistente en su formateador Textil debido a una sanitizaci\u00f3n inadecuada de la sintaxis de citas en bloque en campos con formato Textil." } ], "id": "CVE-2022-44031", "lastModified": "2024-11-21T07:27:34.327", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T03:15:09.377", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-12 14:59
Modified
2024-11-21 02:38
Severity: 4.3 (MEDIUM, CVSS 3.0); 4.0 (MEDIUM, CVSS 2.0)
Summary
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "8759A6B4-7D3F-4337-B8E7-49E4D98BB632", "versionEndIncluding": "2.6.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ABA423C8-BBDF-4241-BF9C-5D787B8D5D6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "181CE1D0-046D-4BF6-8ED1-A246D277EF95", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D29032E5-7A51-464C-A88D-A46AA41D7A9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B342C54A-29D4-45BD-A602-8C79C691E071", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B3FF043B-EBE7-468C-AF1D-D65ACF9AFA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "086B834B-6585-4CF8-A268-FC4299577676", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBF1967-2317-4888-9A18-097384C40DDD", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B0B66CA0-3E2B-43BA-8A00-25E4EF8C4661", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects." 
}, { "lang": "es", "value": "La API Issues en Redmine en versiones anteriores a 2.6.8, 3.0.x en versiones anteriores a 3.0.6 y 3.1.x en versiones anteriores a 3.1.2 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible de mensajes changeset aprovechando el permiso para leer problemas en relaci\u00f3n con changesets de otros proyectos." } ], "id": "CVE-2015-8473", "lastModified": "2024-11-21T02:38:36.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-12T14:59:04.193", "references": [ { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3529" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/78621" }, { "source": "cve@mitre.org", "url": "https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://www.redmine.org/issues/21136" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"https://www.redmine.org/projects/redmine/wiki/Changelog_3_0" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_1" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/versions/105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/78621" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://www.redmine.org/issues/21136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/versions/105" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-04-05 14:55
Modified
2024-11-21 01:34
Severity: 4.3 (MEDIUM, CVSS 2.0)
Summary
Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DB2CE1C-9830-4ED9-99C7-4C8DE5218232", "versionEndIncluding": "1.3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCCB74CF-B69C-4ACF-B676-17082D54A769", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D0254A2D-10A5-4843-BE58-72A3B5284DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E19773B3-33A6-439A-93BB-1FB4FA86D4D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1314065B-1B7A-41BC-89F2-EAEE8EA8A6BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0BE09F2-954D-4A3E-B2D1-981EEF6AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBEA2E09-2CA8-4999-A841-02A8488F851A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F99DB71A-FBBE-4FFF-8EC6-D0EDAE8EDEF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF1E2430-4FFB-4AB4-A2BD-55711486D257", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "0026FFCE-D748-41F4-B4E8-9852B3ED9532", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "554098E4-A9E5-4153-B8CD-8C987B7A8527", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "117F62E1-BEC6-416F-AD68-BC1AA260CC1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "086659CB-5DD4-4B19-8223-76A85DF82D46", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "1850A5B4-747D-4D6F-B625-7DE4857790E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE853B-C003-4C9F-9A00-AF84CCD0A05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E235F356-CE27-4CFC-A064-D93E3FE0C7AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F66B7C8-0D70-4E53-90BC-938101BEB3B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4EDE791-F1E6-4E9C-9924-9AA8A34A2D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "A25E4182-E8BE-45BC-A591-463963D51341", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "450BD64C-120C-4803-84D8-7A2186B148B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "650A5A39-D2F1-41D1-B985-7051D0035B50", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "0012C0B4-0B5A-4588-A81F-32652DECDA45", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "052CA2E7-73E8-4BA2-A98E-A527D635505D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D961E2C0-4061-4CCA-AA6A-6CB3AA096933", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B91BB4D5-4700-4874-8473-5CF8C9A39B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "69C39736-8851-4072-89C7-9635CC28BD02", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F8C1857C-A87F-4BE1-A4D9-458310DF0F3B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECBDF1A1-9739-4725-B3F8-D43A1847AB29", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "D2E33486-ECAA-4568-86EE-40CAE068040A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "DDB7D5EA-D7CE-429B-BDD7-1908460FC539", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7129BEFA-1A70-43A8-A27B-EA1B2B8BDF75", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2C96214-FB72-4423-AFCD-D66E531BD6C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "4AAF1F2E-7E6A-4F22-9511-77B4173239E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "785C388F-C871-4DE9-B636-5B127C71B017", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "40F5A2B6-F225-4091-A491-B316D31A0C0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BA62C29-81F4-45E0-AFB6-E017AC207730", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "BBAA9096-AD1A-4C5B-92C6-00A46D41A5E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B86BADC4-2765-40C9-8D95-C6628497F292", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DED843A9-D03E-457B-AC21-784CF6197C83", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CB464C7-DEE0-4AF5-A782-D14965C76970", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"1B8E588D-54E8-4E9F-A191-965923AF7DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "31BDDECE-EF68-414B-B5D2-CEB31E25327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "65A4E6A2-895C-4D8D-9A7C-5DAA35704CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A77E2F14-1089-4152-9AFA-943B922CEF30", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "60876FFF-6FD3-4706-945B-4A54547204BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "99AD9B02-F78B-4CD9-A17E-4E21737AA081", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA23EC17-0C98-49A6-A9FD-F3133F219770", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AACB99C-C82F-4825-AD9B-C5CDDCC60490", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6E290527-573D-43EA-8701-4E1A31B1EBBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "22C09F5D-91AD-4BE6-B3E7-5032628D762F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0E6D1873-C212-40C7-B6C6-1CF77434DBEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B623EB4-3A90-47EE-8891-431AF0919B2F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
}, { "lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Redmine antes de v1.3.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-0327", "lastModified": "2024-11-21T01:34:48.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-04-05T14:55:04.357", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN93406632/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000025" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.redmine.org/versions/42" }, { "source": "vultures@jpcert.or.jp", "url": "http://www.securityfocus.com/bid/52447" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN93406632/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redmine.org/versions/42" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52447" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-28 07:15
Modified
2024-11-21 06:06
Severity: 7.5 (HIGH, CVSS 3.1); 5.0 (MEDIUM, CVSS 2.0)
Summary
Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/news/131 | Vendor Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/news/131 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "9945EED3-D23D-4055-9A7D-0FF5956B838E", "versionEndExcluding": "4.0.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "80ACD361-2874-4B70-88F1-3999025D6192", "versionEndExcluding": "4.1.3", "versionStartIncluding": "4.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECC28D7C-7E3E-406A-B0EC-41F58BA06981", "versionEndExcluding": "4.2.1", "versionStartIncluding": "4.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process." 
}, { "lang": "es", "value": "Una comprobaci\u00f3n insuficiente de entrada en la integraci\u00f3n del repositorio Git de Redmine versiones anteriores a 4.0.9, versiones 4.1.x anteriores a 4.1.3 y versiones 4.2.x anteriores a 4.2.1, permite a usuarios de Redmine leer archivos locales arbitrarios accesibles por el proceso del servidor de aplicaciones" } ], "id": "CVE-2021-31863", "lastModified": "2024-11-21T06:06:22.713", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-28T07:15:07.583", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/news/131" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/news/131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-06 08:15
Modified
2024-11-21 04:39
Severity: 5.3 (MEDIUM, CVSS 3.1); 5.0 (MEDIUM, CVSS 2.0)
Summary
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Not Applicable |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "4297083D-5F31-4527-966F-7994EC6B0B49", "versionEndExcluding": "3.4.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEF22FAA-6CC2-45FF-B44E-95BC8186E193", "versionEndExcluding": "4.0.6", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting." }, { "lang": "es", "value": "Redmine versiones anteriores a 3.4.13 y versiones 4.x anteriores a 4.0.6, maneja inapropiadamente unos datos de marcado durante el formateo de Textile" } ], "id": "CVE-2019-25026", "lastModified": "2024-11-21T04:39:46.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-06T08:15:12.073", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-12 03:15
Modified
2024-11-21 07:28
Severity: 6.1 (MEDIUM, CVSS 3.1)
Summary
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "F078B712-B0BD-490B-B749-D3312B13B22D", "versionEndExcluding": "4.2.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "26CEDD42-39B0-4A59-BF1B-D88CF391A5A0", "versionEndExcluding": "5.0.4", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user." }, { "lang": "es", "value": "Redmine anterior a 4.2.9 y 5.0.x anterior a 5.0.4 permite XSS persistente en su formateador Textil debido a una sanitizaci\u00f3n inadecuada en los campos formateados en Redcloth3 Textile. Dependiendo de la configuraci\u00f3n, esto podr\u00eda requerir iniciar sesi\u00f3n como usuario registrado." 
} ], "id": "CVE-2022-44637", "lastModified": "2024-11-21T07:28:14.647", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-12T03:15:09.430", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-05 04:15
Modified
2024-11-21 08:30
Severity: 6.1 (MEDIUM, CVSS 3.1)
Summary
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "039E83BB-5C46-4C23-B7B4-933991913BF1", "versionEndExcluding": "4.2.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "88E2C892-4D46-421F-8479-08AE3B447918", "versionEndExcluding": "5.0.6", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails." }, { "lang": "es", "value": "Redmine anterior a 4.2.11 y 5.0.x anterior a 5.0.6 permite XSS mediante miniaturas." } ], "id": "CVE-2023-47260", "lastModified": "2024-11-21T08:30:04.553", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-05T04:15:10.513", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-18 02:29
Modified
2024-11-21 03:14
Severity: 6.1 (MEDIUM, CVSS 3.0); 4.3 (MEDIUM, CVSS 2.0)
Summary
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/issues/27186 | Permissions Required, Vendor Advisory | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/issues/27186 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "506353CE-8310-44AC-B47C-4F3752DB7D0E", "versionEndIncluding": "3.2.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "196CF994-54D8-4E36-B37E-EAF1CC108F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AE4FC9C-3291-4344-81D5-83BA91D52FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "67E1F17B-7B25-48B3-8953-18C47D99B443", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9ADF69D6-449E-4845-811D-D588B4D05665", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEAD6AFD-E3DE-4E0F-A2C8-78A1CD316A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "22FD314E-A7E6-4073-BC98-452B9C5826E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6982CC59-BE97-400C-A653-47AD6802C3F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "4D6A2E76-528B-48FA-89A4-B6BEE20E901A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list." 
}, { "lang": "es", "value": "En Redmine en versiones anteriores a la 3.2.8, 3.3.x en versiones anteriores a la 3.3.5 y 3.4.x en versiones anteriores a la 3.4.3, existe XSS en app/helpers/queries_helper.rb mediante un campo de m\u00faltiples valores con un valor manipulado que se gestiona de manera incorrecta durante la representaci\u00f3n del historial de problemas." } ], "id": "CVE-2017-15569", "lastModified": "2024-11-21T03:14:46.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-18T02:29:00.310", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/27186" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/27186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-12 14:59
Modified
2024-11-21 02:38
Severity ?
Summary
Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCC1AEF9-3597-407C-931A-B6FB2051C372", "versionEndIncluding": "2.6.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "20D6EF74-385B-4B17-BDE7-D70CB26C2204", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ABA423C8-BBDF-4241-BF9C-5D787B8D5D6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "181CE1D0-046D-4BF6-8ED1-A246D277EF95", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D29032E5-7A51-464C-A88D-A46AA41D7A9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B342C54A-29D4-45BD-A602-8C79C691E071", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B3FF043B-EBE7-468C-AF1D-D65ACF9AFA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDBF1967-2317-4888-9A18-097384C40DDD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, 
as demonstrated by \"@attacker.com,\" a different vulnerability than CVE-2014-1985." }, { "lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n abierta en la funci\u00f3n valid_back_url en app/controllers/application_controller.rb en Redmine en versiones anteriores a 2.6.7, 3.0.x en versiones anteriores a 3.0.5 y 3.1.x en versiones anteriores a 3.1.1 permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de un par\u00e1metro back_url manipulado, seg\u00fan lo demostrado por \"@attacker.com\", una vulnerabilidad diferente a CVE-2014-1985." } ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e", "id": "CVE-2015-8474", "lastModified": "2024-11-21T02:38:36.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-12T14:59:05.227", "references": [ { "source": 
"cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3529" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.redmine.org/news/101" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/78625" }, { "source": "cve@mitre.org", "url": "https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/19577" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.redmine.org/news/101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/78625" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/issues/19577" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-18 02:29
Modified
2024-11-21 03:14
Severity ?
Summary
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
cve@mitre.org | https://www.redmine.org/issues/23803 | Permissions Required | |
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4191 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/issues/23803 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "220736DC-879E-4ECD-A37A-C512D2DC4E1B", "versionEndIncluding": "3.2.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "196CF994-54D8-4E36-B37E-EAF1CC108F61", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AE4FC9C-3291-4344-81D5-83BA91D52FA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "67E1F17B-7B25-48B3-8953-18C47D99B443", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information." }, { "lang": "es", "value": "Redmine en versiones anteriores a la 3.2.6 y 3.3.x en versiones anteriores a la 3.3.3 gestiona de manera incorrecta la presentaci\u00f3n Time Entry en vistas de actividad, lo que permite que atacantes remotos obtengan informaci\u00f3n sensible." 
} ], "id": "CVE-2017-15576", "lastModified": "2024-11-21T03:14:47.243", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-18T02:29:00.593", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://www.redmine.org/issues/23803" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://www.redmine.org/issues/23803" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-18 02:29
Modified
2024-11-21 02:44
Severity ?
Summary
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redmine.org/projects/redmine/wiki/Security_Advisories | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "753D2319-5839-4A8E-9796-ADC8BD0D905D", "versionEndIncluding": "3.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages." }, { "lang": "es", "value": "En Redmine en versiones anteriores a la 3.2.3 hay vulnerabilidades de Cross-Site Scripting (XSS) persistente que afectan al formato de texto Textile y Markdown, as\u00ed como a las p\u00e1ginas de inicio de proyectos." } ], "id": "CVE-2016-10515", "lastModified": "2024-11-21T02:44:10.840", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-18T02:29:00.217", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-11-25 22:00
Modified
2024-11-21 01:08
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redmine | redmine | * | |
redmine | redmine | 0.1.0 | |
redmine | redmine | 0.2.1 | |
redmine | redmine | 0.2.2 | |
redmine | redmine | 0.3.0 | |
redmine | redmine | 0.4.0 | |
redmine | redmine | 0.4.1 | |
redmine | redmine | 0.4.2 | |
redmine | redmine | 0.5.0 | |
redmine | redmine | 0.5.1 | |
redmine | redmine | 0.6.0 | |
redmine | redmine | 0.6.1 | |
redmine | redmine | 0.6.2 | |
redmine | redmine | 0.6.3 | |
redmine | redmine | 0.6.4 | |
redmine | redmine | 0.7.0 | |
redmine | redmine | 0.7.0 | |
redmine | redmine | 0.7.1 | |
redmine | redmine | 0.7.2 | |
redmine | redmine | 0.7.3 | |
redmine | redmine | 0.7.4 | |
redmine | redmine | 0.8.0 | |
redmine | redmine | 0.8.0 | |
redmine | redmine | 0.8.1 | |
redmine | redmine | 0.8.2 | |
redmine | redmine | 0.8.3 | |
redmine | redmine | 0.8.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7E66CDC-BDA5-4F19-81FA-621C3F42B7A4", "versionEndIncluding": "0.8.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCCB74CF-B69C-4ACF-B676-17082D54A769", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D0254A2D-10A5-4843-BE58-72A3B5284DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E19773B3-33A6-439A-93BB-1FB4FA86D4D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1314065B-1B7A-41BC-89F2-EAEE8EA8A6BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F0BE09F2-954D-4A3E-B2D1-981EEF6AD0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBEA2E09-2CA8-4999-A841-02A8488F851A", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F99DB71A-FBBE-4FFF-8EC6-D0EDAE8EDEF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF1E2430-4FFB-4AB4-A2BD-55711486D257", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "0026FFCE-D748-41F4-B4E8-9852B3ED9532", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "554098E4-A9E5-4153-B8CD-8C987B7A8527", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "117F62E1-BEC6-416F-AD68-BC1AA260CC1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "086659CB-5DD4-4B19-8223-76A85DF82D46", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "1850A5B4-747D-4D6F-B625-7DE4857790E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE853B-C003-4C9F-9A00-AF84CCD0A05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E235F356-CE27-4CFC-A064-D93E3FE0C7AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F66B7C8-0D70-4E53-90BC-938101BEB3B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4EDE791-F1E6-4E9C-9924-9AA8A34A2D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "A25E4182-E8BE-45BC-A591-463963D51341", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "450BD64C-120C-4803-84D8-7A2186B148B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "650A5A39-D2F1-41D1-B985-7051D0035B50", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "0012C0B4-0B5A-4588-A81F-32652DECDA45", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "052CA2E7-73E8-4BA2-A98E-A527D635505D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D961E2C0-4061-4CCA-AA6A-6CB3AA096933", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B91BB4D5-4700-4874-8473-5CF8C9A39B5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "69C39736-8851-4072-89C7-9635CC28BD02", "vulnerable": true }, { "criteria": "cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F8C1857C-A87F-4BE1-A4D9-458310DF0F3B", "vulnerable": 
true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados en Redmine v0.8.5 y anteriores permite a atacantes remotos secuestras las autenticaci\u00f3n de los usuarios para peticiones que borren un ticket a trav\u00e9s de vectores inespecificos." } ], "id": "CVE-2009-4079", "lastModified": "2024-11-21T01:08:52.977", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-11-25T22:00:00.733", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://rubyforge.org/frs/shownotes.php?release_id=41440" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37420" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37066" }, { "source": "cve@mitre.org", 
"tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://rubyforge.org/frs/shownotes.php?release_id=41440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54334" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
jvndb-2014-000041
Vulnerability from jvndb
Published
2014-04-16 15:06
Modified
2014-04-16 15:06
Summary
Redmine vulnerable to open redirect
Details
Redmine is a project management software. Redmine contains an open redirect vulnerability due to insufficient checking of the URL parameter.
Minoru Sakai of SCSK Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/jp/JVN93004610/index.html | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1985 | |
NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1985 | |
Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000041.html", "dc:date": "2014-04-16T15:06+09:00", "dcterms:issued": "2014-04-16T15:06+09:00", "dcterms:modified": "2014-04-16T15:06+09:00", "description": "Redmine is a project management software. Redmine contains an open redirect vulnerability due to insufficient checking of the URL parameter.\r\n\r\nMinoru Sakai of SCSK Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000041.html", "sec:cpe": { "#text": "cpe:/a:redmine:redmine", "@product": "Redmine", "@vendor": "Redmine", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2014-000041", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN93004610/index.html", "@id": "JVN#93004610", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1985", "@id": "CVE-2014-1985", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1985", "@id": "CVE-2014-1985", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-20", "@title": "Improper Input Validation(CWE-20)" } ], "title": "Redmine vulnerable to open redirect" }
jvndb-2009-000074
Vulnerability from jvndb
Published
2009-11-19 15:45
Modified
2009-11-19 15:45
Summary
Redmine vulnerable to cross-site request forgery
Details
Redmine contains a cross-site request forgery vulnerability.
Redmine is a project management software. Redmine contains a cross-site request forgery vulnerability.
Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000074.html", "dc:date": "2009-11-19T15:45+09:00", "dcterms:issued": "2009-11-19T15:45+09:00", "dcterms:modified": "2009-11-19T15:45+09:00", "description": "Redmine contains a cross-site request forgery vulnerability.\r\n\r\nRedmine is a project management software. Redmine contains a cross-site request forgery vulnerability.\r\n\r\nYoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000074.html", "sec:cpe": { "#text": "cpe:/a:redmine:redmine", "@product": "Redmine", "@vendor": "Redmine", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2009-000074", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN87341298/index.html", "@id": "JVN#87341298", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4079", "@id": "CVE-2009-4079", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4079", "@id": "CVE-2009-4079", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/37420", "@id": "SA37420", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/37066", "@id": "37066", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/54334", "@id": "54334", "@source": "XF" }, { "#text": "http://www.vupen.com/english/advisories/2009/3291", "@id": "VUPEN/ADV-2009-3291", "@source": "VUPEN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-352", "@title": "Cross-Site Request Forgery(CWE-352)" } ], "title": "Redmine vulnerable to cross-site request forgery" }
jvndb-2012-000025
Vulnerability from jvndb
Published
2012-03-13 13:39
Modified
2012-03-13 13:39
Summary
Redmine vulnerable to cross-site scripting
Details
Redmine contains a cross-site scripting vulnerability.
Redmine is a project management software. Redmine contains a cross-site scripting vulnerability.
Kousuke Ebihara reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000025.html", "dc:date": "2012-03-13T13:39+09:00", "dcterms:issued": "2012-03-13T13:39+09:00", "dcterms:modified": "2012-03-13T13:39+09:00", "description": "Redmine contains a cross-site scripting vulnerability.\r\n\r\nRedmine is a project management software. Redmine contains a cross-site scripting vulnerability.\r\n\r\nKousuke Ebihara reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000025.html", "sec:cpe": { "#text": "cpe:/a:redmine:redmine", "@product": "Redmine", "@vendor": "Redmine", "@version": "2.2" }, "sec:cvss": { "@score": "4.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2012-000025", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN93406632/index.html", "@id": "JVN#93406632", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0327", "@id": "CVE-2012-0327", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0327", "@id": "CVE-2012-0327", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Redmine vulnerable to cross-site scripting" }
jvndb-2008-000038
Vulnerability from jvndb
Published
2008-07-08 12:15
Modified
2008-07-08 12:15
Summary
Redmine vulnerable to cross-site scripting
Details
Redmine, open source project management software, contains a cross-site scripting vulnerability.
Redmine is open source project management software written with the Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability.
Toshiharu Sugiyama of UBsecure, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000038.html", "dc:date": "2008-07-08T12:15+09:00", "dcterms:issued": "2008-07-08T12:15+09:00", "dcterms:modified": "2008-07-08T12:15+09:00", "description": "Redmine, open source project management software, contains a cross-site scripting vulnerbility.\r\n\r\nRedmine is open source project management software written by Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability.\r\n\r\nToshiharu Sugiyama of UBsecure, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000038.html", "sec:cpe": { "#text": "cpe:/a:redmine:redmine", "@product": "Redmine", "@vendor": "Redmine", "@version": "2.2" }, "sec:cvss": { "@score": "4.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2008-000038", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN00945448/index.html", "@id": "JVN#00945448", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4481", "@id": "CVE-2008-4481", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4481", "@id": "CVE-2008-4481", "@source": "NVD" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000038.html", "@id": "JVNDB-2008-000038", "@source": "JVNDB_Ja" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Redmine vulnerable to cross-site scripting" }
jvndb-2009-000073
Vulnerability from jvndb
Published
2009-11-19 15:45
Modified
2009-11-19 15:45
Summary
Redmine vulnerable to cross-site scripting
Details
Redmine contains a cross-site scripting vulnerability.
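Redmine is project management software. Redmine contains a cross-site scripting vulnerability. The JVNDB record below rates it CVSS v2.0 base 4.0 (Medium) with vector AV:N/AC:L/Au:S/C:N/I:P/A:N; Au:S means the attacker must be authenticated, so who can obtain an account on the instance bounds the exposure.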
Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000073.html", "dc:date": "2009-11-19T15:45+09:00", "dcterms:issued": "2009-11-19T15:45+09:00", "dcterms:modified": "2009-11-19T15:45+09:00", "description": "Redmine contains a cross-site scripting vulnerability.\r\n\r\nRedmine is a project management software. Redmine contains a cross-site scripting vulnerability.\r\n\r\nYoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000073.html", "sec:cpe": { "#text": "cpe:/a:redmine:redmine", "@product": "Redmine", "@vendor": "Redmine", "@version": "2.2" }, "sec:cvss": { "@score": "4.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2009-000073", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN01245481/index.html", "@id": "JVN#01245481", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4078", "@id": "CVE-2009-4078", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4078", "@id": "CVE-2009-4078", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/37420", "@id": "SA37420", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/37066", "@id": "37066", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/54333", "@id": "54333", "@source": "XF" }, { "#text": "http://www.vupen.com/english/advisories/2009/3291", "@id": "VUPEN/ADV-2009-3291", "@source": "VUPEN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Redmine vulnerable to cross-site scripting" }
jvndb-2023-000116
Vulnerability from jvndb
Published
2023-11-17 14:32
Modified
2024-05-09 17:55
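Severity: Medium (CVSS v3.0 base 6.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Medium under CVSS v2.0 (base 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)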
Summary
Redmine vulnerable to cross-site scripting
Details
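Redmine contains a cross-site scripting vulnerability (CWE-79) due to improper character string processing. This entry does not state the affected versions: the `"@version": "2.2"` attribute in the record's `sec:cpe` field is the CPE format version, not a Redmine release, so take affected and fixed versions from the JVN advisory listed under References.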
Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN13618065/index.html |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-47259 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-47259 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000116.html", "dc:date": "2024-05-09T17:55+09:00", "dcterms:issued": "2023-11-17T14:32+09:00", "dcterms:modified": "2024-05-09T17:55+09:00", "description": "Redmine contains a cross-site scripting vulnerability (CWE-79) due to improper character string processing.\r\n\r\nShiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000116.html", "sec:cpe": { "#text": "cpe:/a:redmine:redmine", "@product": "Redmine", "@vendor": "Redmine", "@version": "2.2" }, "sec:cvss": [ { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, { "@score": "6.1", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2023-000116", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN13618065/index.html", "@id": "JVN#13618065", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47259", "@id": "CVE-2023-47259", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47259", "@id": "CVE-2023-47259", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Redmine vulnerable to cross-site scripting" }
jvndb-2022-000096
Vulnerability from jvndb
Published
2022-12-13 14:05
Modified
2024-06-03 16:47
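Severity: Medium (CVSS v3.0 base 6.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Low under CVSS v2.0 (base 2.6, AV:N/AC:H/Au:N/C:N/I:P/A:N)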
Summary
Redmine vulnerable to cross-site scripting
Details
Redmine contains a cross-site scripting vulnerability (CWE-79) caused by improper Textile processing.
Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN60211811/index.html |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-44637 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-44637 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000096.html", "dc:date": "2024-06-03T16:47+09:00", "dcterms:issued": "2022-12-13T14:05+09:00", "dcterms:modified": "2024-06-03T16:47+09:00", "description": "Redmine contains a cross-site scripting vulnerability (CWE-79) caused by improper Textile processing.\r\n\r\nShiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000096.html", "sec:cpe": { "#text": "cpe:/a:redmine:redmine", "@product": "Redmine", "@vendor": "Redmine", "@version": "2.2" }, "sec:cvss": [ { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, { "@score": "6.1", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2022-000096", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN60211811/index.html", "@id": "JVN#60211811", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2022-44637", "@id": "CVE-2022-44637", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-44637", "@id": "CVE-2022-44637", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Redmine vulnerable to cross-site scripting" }