Search CVE reports


Toggle filters

1 – 10 of 50 results


CVE-2023-47260

Medium priority
Needs evaluation

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-47259

Medium priority
Needs evaluation

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-47258

Medium priority
Needs evaluation

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-44637

Medium priority
Needs evaluation

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-44031

Medium priority
Needs evaluation

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-44030

Medium priority
Needs evaluation

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-27777

Medium priority
Needs evaluation

A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.

9 affected packages

rails, rails-4.0, redmine, ruby-actionpack-2.3, ruby-actionpack-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
redmine Not in release Needs evaluation Needs evaluation Needs evaluation
ruby-actionpack-2.3
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2021-42326

Medium priority
Needs evaluation

Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-37156

Medium priority
Needs evaluation

Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-31866

Medium priority
Needs evaluation

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages