Search CVE reports
1 – 10 of 50 results
CVE-2023-47260
Medium priority
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-47259
Medium priority
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-47258
Medium priority
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-44637
Medium priority
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-44031
Medium priority
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-44030
Medium priority
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-27777
Medium priority
An XSS vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
9 affected packages
rails, rails-4.0, redmine, ruby-actionpack-2.3, ruby-actionpack-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-4.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
redmine | Not in release | — | Needs evaluation | Needs evaluation | Needs evaluation |
ruby-actionpack-2.3 | — | — | — | — | — |
ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2021-42326
Medium priority
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | — | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-37156
Medium priority
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-31866
Medium priority
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |