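All the vulnerabilities related to Redmine - Redmine
Note: where a record below gives "n/a" for product, vendor and version in its JSON, the affected releases are stated only in the Summary text, so version matching has to be done against the Summary.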
cve-2020-36306
Vulnerability from cvelistv5
Published
2021-04-06 07:59
Modified
2024-08-04 17:23
Summary
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:23:10.234Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36306", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36306", "datePublished": "2021-04-06T07:59:42", "dateReserved": "2021-04-06T00:00:00", "dateUpdated": "2024-08-04T17:23:10.234Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47258
Vulnerability from cvelistv5
Published
2023-11-05 00:00
Modified
2024-09-05 14:21
Summary
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:09:36.034Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47258", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T14:21:13.550364Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-05T14:21:27.100Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-05T03:14:35.371465", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-47258", "datePublished": "2023-11-05T00:00:00", "dateReserved": "2023-11-05T00:00:00", "dateUpdated": "2024-09-05T14:21:27.100Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10515
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-06 03:21
Summary
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:21:52.171Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T02:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10515", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10515", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-06T03:21:52.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8477
Vulnerability from cvelistv5
Published
2017-05-23 03:56
Modified
2024-08-06 08:20
Summary
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2015/12/05/8 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2015/12/05/7 | mailing-list, x_refsource_MLIST |
| http://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
| https://www.redmine.org/issues/19117 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:41.758Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG" }, { "name": "[oss-security] 20151205 Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/05/8" }, { "name": "[oss-security] 20151205 Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/05/7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/19117" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-23T01:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG" }, { "name": "[oss-security] 20151205 Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/05/8" }, { "name": "[oss-security] 20151205 Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/05/7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/19117" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8477", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/repository/entry/tags/2.6.2/doc/CHANGELOG" }, { "name": "[oss-security] 20151205 Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/05/8" }, { "name": "[oss-security] 20151205 Re: CVE request: Redmine: cross-site scripting vulnerability fixed in 3.0.0 and 2.6.2", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/05/7" }, { "name": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/issues/19117", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/19117" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8477", "datePublished": "2017-05-23T03:56:00", "dateReserved": "2015-12-05T00:00:00", "dateUpdated": "2024-08-06T08:20:41.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15568
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Summary
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
| https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448 | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN |
| https://www.redmine.org/issues/27186 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.008Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/27186" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/27186" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15568", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/issues/27186", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/27186" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15568", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.008Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0327
Vulnerability from cvelistv5
Published
2012-04-04 10:00
Modified
2024-08-06 18:23
Summary
Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/52447 | vdb-entry, x_refsource_BID |
| http://jvndb.jvn.jp/jvndb/JVNDB-2012-000025 | third-party-advisory, x_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN93406632/index.html | third-party-advisory, x_refsource_JVN |
| http://www.redmine.org/versions/42 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:23:30.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "52447", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52447" }, { "name": "JVNDB-2012-000025", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000025" }, { "name": "JVN#93406632", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN93406632/index.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.redmine.org/versions/42" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-30T09:00:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "52447", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52447" }, { "name": "JVNDB-2012-000025", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000025" }, { "name": "JVN#93406632", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN93406632/index.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.redmine.org/versions/42" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2012-0327", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "52447", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52447" }, { "name": "JVNDB-2012-000025", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000025" }, { "name": "JVN#93406632", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN93406632/index.html" }, { "name": "http://www.redmine.org/versions/42", "refsource": "MISC", "url": "http://www.redmine.org/versions/42" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2012-0327", "datePublished": "2012-04-04T10:00:00", "dateReserved": "2012-01-04T00:00:00", "dateUpdated": "2024-08-06T18:23:30.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15574
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Summary
In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/issues/24199 | x_refsource_CONFIRM |
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.064Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/24199" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/24199" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15574", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.6 and 3.3.x 
before 3.3.3, stored XSS is possible by using an SVG document as an attachment." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/issues/24199", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/24199" }, { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15574", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.064Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42326
Vulnerability from cvelistv5
Published
2021-10-12 18:08
Modified
2024-08-04 03:30
Summary
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://www.redmine.org/news/133 | x_refsource_MISC |
| https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10 | x_refsource_MISC |
| https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021/10/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/news/133" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10" }, { "name": "[debian-lts-announce] 20211018 [SECURITY] [DLA 2787-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-18T19:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/news/133" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10" }, { "name": "[debian-lts-announce] 20211018 [SECURITY] [DLA 2787-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-42326", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/news/133", "refsource": "MISC", "url": "https://www.redmine.org/news/133" }, { "name": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10" }, { "name": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10" }, { "name": "[debian-lts-announce] 20211018 [SECURITY] [DLA 2787-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-42326", "datePublished": "2021-10-12T18:08:53", "dateReserved": "2021-10-12T00:00:00", "dateUpdated": "2024-08-04T03:30:38.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44031
Vulnerability from cvelistv5
Published
2022-12-12 00:00
Modified
2024-08-03 13:47
Summary
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:47:05.534Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-44031", "datePublished": "2022-12-12T00:00:00", "dateReserved": "2022-10-30T00:00:00", "dateUpdated": "2024-08-03T13:47:05.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4928
Vulnerability from cvelistv5
Published
2012-10-08 18:00
Modified
2024-09-17 00:20
Summary
Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/01/06/5 | mailing-list, x_refsource_MLIST |
| http://www.debian.org/security/2011/dsa-2261 | vendor-advisory, x_refsource_DEBIAN |
| http://www.openwall.com/lists/oss-security/2012/01/06/7 | mailing-list, x_refsource_MLIST |
| http://www.redmine.org/news/49 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:38.307Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/news/49" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-08T18:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/news/49" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4928", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "name": "http://www.redmine.org/news/49", "refsource": "CONFIRM", "url": "http://www.redmine.org/news/49" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4928", "datePublished": "2012-10-08T18:00:00Z", "dateReserved": "2011-12-23T00:00:00Z", "dateUpdated": "2024-09-17T00:20:46.948Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15576
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
| https://www.redmine.org/issues/23803 | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.032Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/23803" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/23803" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15576", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/issues/23803", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/23803" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15576", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.032Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44030
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 13:47
Severity ?
EPSS score ?
Summary
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:47:05.489Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_transferred" ], "url": "https://www.redmine.org/news/139" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-06T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "url": "https://www.redmine.org/news/139" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-44030", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-10-30T00:00:00", "dateUpdated": "2024-08-03T13:47:05.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-30164
Vulnerability from cvelistv5
Published
2021-04-06 07:58
Modified
2024-08-03 22:24
Severity ?
EPSS score ?
Summary
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:24:59.685Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-30164", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to 
bypass the add_issue_notes permission requirement by leveraging the Issues API." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-30164", "datePublished": "2021-04-06T07:58:51", "dateReserved": "2021-04-06T00:00:00", "dateUpdated": "2024-08-03T22:24:59.685Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4459
Vulnerability from cvelistv5
Published
2009-12-30 19:00
Modified
2024-08-07 07:01
Severity ?
EPSS score ?
Summary
Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/37425 | vdb-entry, x_refsource_BID |
| http://www.exploit-db.com/exploits/10554 | exploit, x_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54947 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:20.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "37425", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37425" }, { "name": "10554", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/10554" }, { "name": "redmine-title-xss(54947)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54947" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-12-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "37425", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37425" }, { "name": "10554", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/10554" }, { "name": "redmine-title-xss(54947)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54947" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4459", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37425", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37425" }, { "name": "10554", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/10554" }, { "name": "redmine-title-xss(54947)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54947" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4459", "datePublished": "2009-12-30T19:00:00", "dateReserved": "2009-12-30T00:00:00", "dateUpdated": "2024-08-07T07:01:20.431Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15572
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
| https://www.redmine.org/issues/24416 | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.013Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/24416" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/24416" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15572", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/issues/24416", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/24416" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15572", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.013Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1723
Vulnerability from cvelistv5
Published
2011-04-19 19:00
Modified
2024-08-06 22:37
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/47193 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/43999 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/517355/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2011/0895 | vdb-entry, x_refsource_VUPEN |
| http://securityreason.com/securityalert/8211 | third-party-advisory, x_refsource_SREASON |
| http://osvdb.org/71564 | vdb-entry, x_refsource_OSVDB |
| http://www.redmine.org/news/53 | x_refsource_CONFIRM |
| http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/ | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66612 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.730Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "47193", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47193" }, { "name": "43999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43999" }, { "name": "20110406 XSS Vulnerability in Redmine 1.0.1 to 1.1.1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/517355/100/0/threaded" }, { "name": "ADV-2011-0895", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0895" }, { "name": "8211", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8211" }, { "name": "71564", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/71564" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/news/53" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/" }, { "name": "redmine-base-xss(66612)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66612" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. 
NOTE: some of these details are obtained from third party information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "47193", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47193" }, { "name": "43999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43999" }, { "name": "20110406 XSS Vulnerability in Redmine 1.0.1 to 1.1.1", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/517355/100/0/threaded" }, { "name": "ADV-2011-0895", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0895" }, { "name": "8211", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8211" }, { "name": "71564", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/71564" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/news/53" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/" }, { "name": "redmine-base-xss(66612)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66612" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1723", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 
1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "47193", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47193" }, { "name": "43999", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43999" }, { "name": "20110406 XSS Vulnerability in Redmine 1.0.1 to 1.1.1", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517355/100/0/threaded" }, { "name": "ADV-2011-0895", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0895" }, { "name": "8211", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8211" }, { "name": "71564", "refsource": "OSVDB", "url": "http://osvdb.org/71564" }, { "name": "http://www.redmine.org/news/53", "refsource": "CONFIRM", "url": "http://www.redmine.org/news/53" }, { "name": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/", "refsource": "MISC", "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/" }, { "name": "redmine-base-xss(66612)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66612" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1723", "datePublished": "2011-04-19T19:00:00", "dateReserved": "2011-04-19T00:00:00", "dateUpdated": "2024-08-06T22:37:25.730Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2054
Vulnerability from cvelistv5
Published
2012-04-04 10:00
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.
References
| URL | Tags |
|---|---|
| http://www.redmine.org/versions/42 | x_refsource_CONFIRM |
| http://www.redmine.org/issues/10390 | x_refsource_CONFIRM |
| http://www.redmine.org/boards/2/topics/29343 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:17:27.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/versions/42" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/issues/10390" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/boards/2/topics/29343" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model\u0027s attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a \"mass assignment\" vulnerability, a different vulnerability than CVE-2012-0327." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-04-04T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/versions/42" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/issues/10390" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/boards/2/topics/29343" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2054", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model\u0027s attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a \"mass assignment\" vulnerability, a different vulnerability than CVE-2012-0327." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.redmine.org/versions/42", "refsource": "CONFIRM", "url": "http://www.redmine.org/versions/42" }, { "name": "http://www.redmine.org/issues/10390", "refsource": "CONFIRM", "url": "http://www.redmine.org/issues/10390" }, { "name": "http://www.redmine.org/boards/2/topics/29343", "refsource": "CONFIRM", "url": "http://www.redmine.org/boards/2/topics/29343" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2054", "datePublished": "2012-04-04T10:00:00Z", "dateReserved": "2012-04-04T00:00:00Z", "dateUpdated": "2024-09-16T20:17:00.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15569
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM | |
https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN | |
https://www.redmine.org/issues/27186 | x_refsource_CONFIRM | |
https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.010Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/27186" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/27186" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15569", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/issues/27186", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/27186" }, { "name": "https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15569", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.010Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17427
Vulnerability from cvelistv5
Published
2019-10-10 00:42
Modified
2024-08-05 01:40
Severity ?
EPSS score ?
Summary
In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://www.debian.org/security/2019/dsa-4574 | vendor-advisory, x_refsource_DEBIAN | |
https://seclists.org/bugtraq/2019/Nov/31 | mailing-list, x_refsource_BUGTRAQ | |
https://usn.ubuntu.com/4200-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/RealLinkers/CVE-2019-17427 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:40:15.424Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4574", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "20191119 [SECURITY] [DSA 4574-1] redmine security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "name": "USN-4200-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4200-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/RealLinkers/CVE-2019-17427" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-07T18:37:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4574", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "20191119 [SECURITY] [DSA 4574-1] redmine security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "name": "USN-4200-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4200-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/RealLinkers/CVE-2019-17427" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17427", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4574", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "20191119 [SECURITY] [DSA 4574-1] redmine security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "name": "USN-4200-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4200-1/" }, { "name": "https://github.com/RealLinkers/CVE-2019-17427", "refsource": "MISC", "url": "https://github.com/RealLinkers/CVE-2019-17427" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17427", "datePublished": "2019-10-10T00:42:09", "dateReserved": "2019-10-10T00:00:00", "dateUpdated": "2024-08-05T01:40:15.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47259
Vulnerability from cvelistv5
Published
2023-11-05 00:00
Modified
2024-09-05 14:20
Severity ?
EPSS score ?
Summary
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:09:35.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47259", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T14:20:17.501573Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-05T14:20:32.583Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-05T03:14:29.044810", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-47259", "datePublished": "2023-11-05T00:00:00", "dateReserved": "2023-11-05T00:00:00", "dateUpdated": "2024-09-05T14:20:32.583Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8473
Vulnerability from cvelistv5
Published
2016-04-12 14:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/78621 | vdb-entry, x_refsource_BID | |
https://www.redmine.org/projects/redmine/wiki/Changelog_3_0 | x_refsource_CONFIRM | |
https://www.redmine.org/issues/21136 | x_refsource_CONFIRM | |
https://www.redmine.org/versions/105 | x_refsource_CONFIRM | |
https://www.redmine.org/projects/redmine/wiki/Changelog_3_1 | x_refsource_CONFIRM | |
http://www.debian.org/security/2016/dsa-3529 | vendor-advisory, x_refsource_DEBIAN | |
https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:41.872Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "78621", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/78621" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_0" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/21136" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/versions/105" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_1" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-12T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "78621", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/78621" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_0" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/21136" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/versions/105" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_1" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8473", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "78621", "refsource": "BID", "url": "http://www.securityfocus.com/bid/78621" }, { "name": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_0", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_0" }, { "name": "https://www.redmine.org/issues/21136", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/21136" }, { "name": "https://www.redmine.org/versions/105", "refsource": "CONFIRM", "url": "https://www.redmine.org/versions/105" }, { "name": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_1", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_3_1" }, { "name": "DSA-3529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3529" }, { "name": "https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8473", "datePublished": "2016-04-12T14:00:00", "dateReserved": "2015-12-04T00:00:00", "dateUpdated": "2024-08-06T08:20:41.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15573
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM | |
https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN | |
https://www.redmine.org/issues/25503 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.050Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/25503" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/25503" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15573", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.6 and 3.3.x before 
3.3.3, XSS exists because markup is mishandled in wiki content." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/issues/25503", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/25503" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15573", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.050Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15571
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM | |
https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN | |
https://www.redmine.org/issues/27186 | x_refsource_CONFIRM | |
https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.043Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/27186" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/27186" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15571", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/issues/27186", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/27186" }, { "name": "https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15571", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.043Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-1985
Vulnerability from cvelistv5
Published
2014-04-11 14:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).
References
URL | Tags | |
---|---|---|
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html | third-party-advisory, x_refsource_JVNDB | |
http://www.redmine.org/projects/redmine/wiki/Changelog | x_refsource_CONFIRM | |
http://jvn.jp/en/jp/JVN93004610/index.html | third-party-advisory, x_refsource_JVN | |
https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2014/q2/84 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/66674 | vdb-entry, x_refsource_BID | |
http://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM | |
http://secunia.com/advisories/57524 | third-party-advisory, x_refsource_SECUNIA | |
http://www.redmine.org/projects/redmine/wiki/Changelog_2_4 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:58:15.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVNDB-2014-000041", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/projects/redmine/wiki/Changelog" }, { "name": "JVN#93004610", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN93004610/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3" }, { "name": "[oss-security] 20140410 Re: CVE request: redmine open redirector", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q2/84" }, { "name": "66674", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66674" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "57524", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57524" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/projects/redmine/wiki/Changelog_2_4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing 
attacks via a URL in the back url (back_url parameter)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-15T17:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVNDB-2014-000041", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/projects/redmine/wiki/Changelog" }, { "name": "JVN#93004610", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN93004610/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3" }, { "name": "[oss-security] 20140410 Re: CVE request: redmine open redirector", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q2/84" }, { "name": "66674", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66674" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "57524", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57524" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/projects/redmine/wiki/Changelog_2_4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-1985", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open redirect vulnerability in the redirect_back_or_default 
function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVNDB-2014-000041", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html" }, { "name": "http://www.redmine.org/projects/redmine/wiki/Changelog", "refsource": "CONFIRM", "url": "http://www.redmine.org/projects/redmine/wiki/Changelog" }, { "name": "JVN#93004610", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN93004610/index.html" }, { "name": "https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3" }, { "name": "[oss-security] 20140410 Re: CVE request: redmine open redirector", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/84" }, { "name": "66674", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66674" }, { "name": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "http://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "57524", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57524" }, { "name": "http://www.redmine.org/projects/redmine/wiki/Changelog_2_4", "refsource": "CONFIRM", "url": "http://www.redmine.org/projects/redmine/wiki/Changelog_2_4" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-1985", "datePublished": "2014-04-11T14:00:00", "dateReserved": "2014-02-17T00:00:00", "dateUpdated": "2024-08-06T09:58:15.770Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" 
}
cve-2021-37156
Vulnerability from cvelistv5
Published
2021-08-05 20:36
Modified
2024-08-04 01:16
Summary
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://www.redmine.org/news/132 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:16:02.538Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/news/132" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user\u0027s account, but the intended behavior is for those sessions to be terminated." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-05T20:36:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/news/132" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-37156", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user\u0027s account, but the intended behavior is for those sessions to be terminated." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/news/132", "refsource": "MISC", "url": "https://www.redmine.org/news/132" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-37156", "datePublished": "2021-08-05T20:36:35", "dateReserved": "2021-07-21T00:00:00", "dateUpdated": "2024-08-04T01:16:02.538Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8474
Vulnerability from cvelistv5
Published
2016-04-12 14:00
Modified
2024-08-06 08:20
Summary
Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985.
References
| URL | Tags |
|---|---|
| http://www.redmine.org/news/101 | x_refsource_CONFIRM |
| https://www.redmine.org/issues/19577 | x_refsource_CONFIRM |
| http://www.debian.org/security/2016/dsa-3529 | vendor-advisory, x_refsource_DEBIAN |
| https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/78625 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:41.873Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/news/101" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/19577" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472" }, { "name": "78625", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/78625" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by \"@attacker.com,\" a different vulnerability than CVE-2014-1985." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-12T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/news/101" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/19577" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472" }, { "name": "78625", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/78625" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8474", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by \"@attacker.com,\" a different vulnerability than CVE-2014-1985." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.redmine.org/news/101", "refsource": "CONFIRM", "url": "http://www.redmine.org/news/101" }, { "name": "https://www.redmine.org/issues/19577", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/19577" }, { "name": "DSA-3529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3529" }, { "name": "https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472" }, { "name": "78625", "refsource": "BID", "url": "http://www.securityfocus.com/bid/78625" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8474", "datePublished": "2016-04-12T14:00:00", "dateReserved": "2015-12-04T00:00:00", "dateUpdated": "2024-08-06T08:20:41.873Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15570
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Summary
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
| https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN |
| https://www.redmine.org/issues/27186 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/27186" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/27186" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15570", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/issues/27186", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/27186" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15570", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16804
Vulnerability from cvelistv5
Published
2017-11-13 20:00
Modified
2024-08-05 20:35
Summary
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM |
| https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc | x_refsource_CONFIRM |
| https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN |
| https://www.redmine.org/issues/25713 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:21.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/25713" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-11-13T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/25713" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16804", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/issues/25713", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/25713" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16804", "datePublished": "2017-11-13T20:00:00", "dateReserved": "2017-11-13T00:00:00", "dateUpdated": "2024-08-05T20:35:21.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-44637
Vulnerability from cvelistv5
Published
2022-12-12 00:00
Modified
2024-08-03 13:54
Summary
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:04.089Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-44637", "datePublished": "2022-12-12T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-03T13:54:04.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4079
Vulnerability from cvelistv5
Published
2009-11-25 21:22
Modified
2024-08-07 06:54
Summary
Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/3291 | vdb-entry, x_refsource_VUPEN |
| http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html | third-party-advisory, x_refsource_JVNDB |
| http://www.securityfocus.com/bid/37066 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54334 | vdb-entry, x_refsource_XF |
| http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15 | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN87341298/index.html | third-party-advisory, x_refsource_JVN |
| http://rubyforge.org/frs/shownotes.php?release_id=41440 | x_refsource_MISC |
| http://secunia.com/advisories/37420 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:08.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-3291", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "name": "JVNDB-2009-000074", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html" }, { "name": "37066", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37066" }, { "name": "redmine-unspecified-csrf(54334)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54334" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15" }, { "name": "JVN#87341298", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rubyforge.org/frs/shownotes.php?release_id=41440" }, { "name": "37420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37420" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2009-3291", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "name": "JVNDB-2009-000074", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html" }, { "name": "37066", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37066" }, { "name": "redmine-unspecified-csrf(54334)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54334" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15" }, { "name": "JVN#87341298", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://rubyforge.org/frs/shownotes.php?release_id=41440" }, { "name": "37420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37420" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4079", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-3291", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "name": "JVNDB-2009-000074", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html" }, { "name": "37066", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37066" }, { "name": "redmine-unspecified-csrf(54334)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54334" }, { "name": "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15", "refsource": "MISC", "url": "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15" }, { "name": "JVN#87341298", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "name": "http://rubyforge.org/frs/shownotes.php?release_id=41440", "refsource": "MISC", "url": "http://rubyforge.org/frs/shownotes.php?release_id=41440" }, { "name": "37420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37420" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4079", "datePublished": "2009-11-25T21:22:00", "dateReserved": "2009-11-25T00:00:00", "dateUpdated": "2024-08-07T06:54:08.461Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31866
Vulnerability from cvelistv5
Published
2021-04-28 06:16
Modified
2024-08-03 23:10
Summary
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://www.redmine.org/news/131 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:30.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31866", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/news/131", "refsource": "MISC", "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31866", "datePublished": "2021-04-28T06:16:31", "dateReserved": "2021-04-28T00:00:00", "dateUpdated": "2024-08-03T23:10:30.823Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31865
Vulnerability from cvelistv5
Published
2021-04-28 06:16
Modified
2024-08-03 23:10
Summary
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://www.redmine.org/news/131 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:30.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31865", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": 
"MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/news/131", "refsource": "MISC", "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31865", "datePublished": "2021-04-28T06:16:47", "dateReserved": "2021-04-28T00:00:00", "dateUpdated": "2024-08-03T23:10:30.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47260
Vulnerability from cvelistv5
Published
2023-11-05 00:00
Modified
2024-09-05 14:19
Summary
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:09:35.974Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47260", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T14:19:09.426086Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-05T14:19:21.481Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-05T03:14:15.304668", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-47260", "datePublished": "2023-11-05T00:00:00", "dateReserved": "2023-11-05T00:00:00", "dateUpdated": "2024-09-05T14:19:21.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-36307
Vulnerability from cvelistv5
Published
2021-04-06 07:59
Modified
2024-08-04 17:23
Summary
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
References
URL | Tags |
---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:23:10.072Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36307", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36307", "datePublished": "2021-04-06T07:59:32", "dateReserved": "2021-04-06T00:00:00", "dateUpdated": "2024-08-04T17:23:10.072Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-30163
Vulnerability from cvelistv5
Published
2021-04-06 07:59
Modified
2024-08-03 22:24
Summary
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.
References
URL | Tags |
---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:24:59.642Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-30163", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.8 and 4.1.x 
before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-30163", "datePublished": "2021-04-06T07:59:55", "dateReserved": "2021-04-06T00:00:00", "dateUpdated": "2024-08-03T22:24:59.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4078
Vulnerability from cvelistv5
Published
2009-11-25 21:22
Modified
2024-08-07 06:54
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags |
---|---|
http://www.vupen.com/english/advisories/2009/3291 | vdb-entry, x_refsource_VUPEN | |
http://rubyforge.org/frs/shownotes.php?release_id=41108 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/37066 | vdb-entry, x_refsource_BID | |
http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04 | x_refsource_CONFIRM | |
http://jvn.jp/en/jp/JVN87341298/index.html | third-party-advisory, x_refsource_JVN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/54333 | vdb-entry, x_refsource_XF | |
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000073.html | third-party-advisory, x_refsource_JVNDB | |
http://jvn.jp/en/jp/JVN01245481/index.html | third-party-advisory, x_refsource_JVN | |
http://secunia.com/advisories/37420 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:10.225Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-3291", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rubyforge.org/frs/shownotes.php?release_id=41108" }, { "name": "37066", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37066" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04" }, { "name": "JVN#87341298", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "name": "redmine-unspecified-input-xss(54333)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54333" }, { "name": "JVNDB-2009-000073", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000073.html" }, { "name": "JVN#01245481", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN01245481/index.html" }, { "name": "37420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37420" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2009-3291", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rubyforge.org/frs/shownotes.php?release_id=41108" }, { "name": "37066", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37066" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04" }, { "name": "JVN#87341298", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "name": "redmine-unspecified-input-xss(54333)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54333" }, { "name": "JVNDB-2009-000073", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000073.html" }, { "name": "JVN#01245481", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN01245481/index.html" }, { "name": "37420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37420" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4078", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to 
inject arbitrary web script or HTML via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-3291", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3291" }, { "name": "http://rubyforge.org/frs/shownotes.php?release_id=41108", "refsource": "CONFIRM", "url": "http://rubyforge.org/frs/shownotes.php?release_id=41108" }, { "name": "37066", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37066" }, { "name": "http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04", "refsource": "CONFIRM", "url": "http://www.redmine.org/wiki/redmine/Changelog#v086-2009-11-04" }, { "name": "JVN#87341298", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN87341298/index.html" }, { "name": "redmine-unspecified-input-xss(54333)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54333" }, { "name": "JVNDB-2009-000073", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000073.html" }, { "name": "JVN#01245481", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN01245481/index.html" }, { "name": "37420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37420" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4078", "datePublished": "2009-11-25T21:22:00", "dateReserved": "2009-11-25T00:00:00", "dateUpdated": "2024-08-07T06:54:10.225Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18026
Vulnerability from cvelistv5
Published
2018-01-10 09:00
Modified
2024-08-05 21:06
Summary
Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536.
References
URL | Tags |
---|---|
https://www.redmine.org/issues/27516 | x_refsource_MISC | |
https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678 | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN | |
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd | x_refsource_MISC | |
https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:06:50.143Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/issues/27516" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/issues/27516" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18026", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/issues/27516", "refsource": "MISC", "url": "https://www.redmine.org/issues/27516" }, { "name": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678", "refsource": "MISC", "url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd", "refsource": "MISC", "url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd" }, { "name": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e", "refsource": "MISC", "url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18026", "datePublished": "2018-01-10T09:00:00", "dateReserved": "2018-01-10T00:00:00", "dateUpdated": "2024-08-05T21:06:50.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15575
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Summary
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.
References
URL | Tags |
---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM | |
https://www.redmine.org/issues/24307 | x_refsource_CONFIRM | |
https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.024Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/24307" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project\u0027s settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/24307" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15575", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project\u0027s settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/issues/24307", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/24307" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15575", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.024Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31863
Vulnerability from cvelistv5
Published
2021-04-28 06:17
Modified
2024-08-03 23:10
Summary
Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.
References
URL | Tags |
---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://www.redmine.org/news/131 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:30.812Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31863", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/news/131", "refsource": "MISC", "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31863", "datePublished": "2021-04-28T06:17:10", "dateReserved": "2021-04-28T00:00:00", "dateUpdated": "2024-08-03T23:10:30.812Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8537
Vulnerability from cvelistv5
Published
2016-04-12 14:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.
References
URL | Tags |
---|---|
http://www.redmine.org/news/103 | x_refsource_CONFIRM | |
https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56 | x_refsource_CONFIRM | |
http://www.debian.org/security/2016/dsa-3529 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:42.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/news/103" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-12T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/news/103" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3529" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8537", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.redmine.org/news/103", "refsource": "CONFIRM", "url": "http://www.redmine.org/news/103" }, { "name": "https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56" }, { "name": "DSA-3529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3529" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8537", "datePublished": "2016-04-12T14:00:00", "dateReserved": "2015-12-10T00:00:00", "dateUpdated": "2024-08-06T08:20:42.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-25026
Vulnerability from cvelistv5
Published
2021-04-06 07:59
Modified
2024-08-05 03:00
Summary
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:18.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25026", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25026", "datePublished": "2021-04-06T07:59:04", "dateReserved": "2021-04-06T00:00:00", "dateUpdated": "2024-08-05T03:00:18.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4929
Vulnerability from cvelistv5
Published
2012-10-08 18:00
Modified
2024-09-16 21:57
Summary
Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/01/06/5 | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2011/dsa-2261 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2012/01/06/7 | mailing-list, x_refsource_MLIST | |
http://www.redmine.org/news/49 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:39.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/news/49" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-08T18:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/news/49" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4929", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "name": "http://www.redmine.org/news/49", "refsource": "CONFIRM", "url": "http://www.redmine.org/news/49" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4929", "datePublished": "2012-10-08T18:00:00Z", "dateReserved": "2011-12-23T00:00:00Z", "dateUpdated": "2024-09-16T21:57:09.959Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15577
Vulnerability from cvelistv5
Published
2017-10-18 02:00
Modified
2024-08-05 19:57
Summary
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_CONFIRM | |
https://www.debian.org/security/2018/dsa-4191 | vendor-advisory, x_refsource_DEBIAN | |
https://www.redmine.org/issues/23793 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.038Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/23793" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/23793" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15577", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": 
"Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "CONFIRM", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191" }, { "name": "https://www.redmine.org/issues/23793", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/23793" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15577", "datePublished": "2017-10-18T02:00:00", "dateReserved": "2017-10-17T00:00:00", "dateUpdated": "2024-08-05T19:57:27.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-36308
Vulnerability from cvelistv5
Published
2021-04-06 07:59
Modified
2024-08-04 17:23
Summary
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:23:10.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36308", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.7 and 4.1.x before 4.1.1 
allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36308", "datePublished": "2021-04-06T07:59:18", "dateReserved": "2021-04-06T00:00:00", "dateUpdated": "2024-08-04T17:23:10.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4927
Vulnerability from cvelistv5
Published
2012-10-08 18:00
Modified
2024-09-16 20:31
Summary
Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/01/06/5 | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2011/dsa-2261 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2012/01/06/7 | mailing-list, x_refsource_MLIST | |
http://www.redmine.org/news/49 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:39.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/news/49" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-08T18:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/news/49" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4927", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120106 CVE request: redmine issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/5" }, { "name": "DSA-2261", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2261" }, { "name": "[oss-security] 20120106 Re: CVE request: redmine issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/01/06/7" }, { "name": "http://www.redmine.org/news/49", "refsource": "CONFIRM", "url": "http://www.redmine.org/news/49" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4927", "datePublished": "2012-10-08T18:00:00Z", "dateReserved": "2011-12-23T00:00:00Z", "dateUpdated": "2024-09-16T20:31:20.133Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31864
Vulnerability from cvelistv5
Published
2021-04-28 06:16
Modified
2024-08-03 23:10
Summary
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://www.redmine.org/news/131 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:30.281Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-13T10:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31864", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/news/131", "refsource": "MISC", "url": "https://www.redmine.org/news/131" }, { "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2658-1] redmine security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31864", "datePublished": "2021-04-28T06:16:57", "dateReserved": "2021-04-28T00:00:00", "dateUpdated": "2024-08-03T23:10:30.281Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29274
Vulnerability from cvelistv5
Published
2021-03-29 03:46
Modified
2024-08-03 22:02
Summary
Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC | |
https://www.redmine.org/issues/33846 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:02:51.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/issues/33846" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redmine 4.1.x before 4.1.2 allows XSS because an issue\u0027s subject is mishandled in the auto complete tip." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-29T05:12:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/issues/33846" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-29274", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redmine 4.1.x before 4.1.2 allows XSS because an issue\u0027s subject is mishandled in the auto complete tip." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://www.redmine.org/issues/33846", "refsource": "MISC", "url": "https://www.redmine.org/issues/33846" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-29274", "datePublished": "2021-03-29T03:46:59", "dateReserved": "2021-03-29T00:00:00", "dateUpdated": "2024-08-03T22:02:51.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8346
Vulnerability from cvelistv5
Published
2016-04-12 14:00
Modified
2024-08-06 08:13
Summary
app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.
References
URL | Tags | |
---|---|---|
https://www.redmine.org/issues/21150 | x_refsource_CONFIRM | |
http://www.redmine.org/news/102 | x_refsource_CONFIRM | |
http://www.debian.org/security/2016/dsa-3529 | vendor-advisory, x_refsource_DEBIAN | |
https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:13:32.347Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.redmine.org/issues/21150" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/news/102" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-12T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.redmine.org/issues/21150" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/news/102" }, { "name": "DSA-3529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8346", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/issues/21150", "refsource": "CONFIRM", "url": "https://www.redmine.org/issues/21150" }, { "name": "http://www.redmine.org/news/102", "refsource": "CONFIRM", "url": "http://www.redmine.org/news/102" }, { "name": "DSA-3529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3529" }, { "name": "https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c", "refsource": "CONFIRM", "url": "https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8346", "datePublished": "2016-04-12T14:00:00", "dateReserved": "2015-11-25T00:00:00", "dateUpdated": "2024-08-06T08:13:32.347Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4481
Vulnerability from cvelistv5
Published
2008-10-08 01:00
Modified
2024-08-07 10:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://www.redmine.org/wiki/redmine/Changelog | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43884 | vdb-entry, x_refsource_XF |
| http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000038.html | third-party-advisory, x_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN00945448/index.html | third-party-advisory, x_refsource_JVN |
| http://www.securityfocus.com/bid/30241 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:17:09.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redmine.org/wiki/redmine/Changelog" }, { "name": "redmine-unspecified-xss(43884)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43884" }, { "name": "JVNDB-2008-000038", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000038.html" }, { "name": "JVN#00945448", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN00945448/index.html" }, { "name": "30241", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30241" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redmine.org/wiki/redmine/Changelog" }, { "name": "redmine-unspecified-xss(43884)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43884" }, { "name": "JVNDB-2008-000038", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000038.html" }, { "name": "JVN#00945448", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN00945448/index.html" }, { "name": "30241", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30241" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4481", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.redmine.org/wiki/redmine/Changelog", "refsource": "CONFIRM", "url": "http://www.redmine.org/wiki/redmine/Changelog" }, { "name": "redmine-unspecified-xss(43884)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43884" }, { "name": "JVNDB-2008-000038", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000038.html" }, { "name": "JVN#00945448", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN00945448/index.html" }, { "name": "30241", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30241" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4481", "datePublished": "2008-10-08T01:00:00", "dateReserved": "2008-10-07T00:00:00", "dateUpdated": "2024-08-07T10:17:09.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-18890
Vulnerability from cvelistv5
Published
2019-11-21 17:46
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.
References
| URL | Tags |
|---|---|
| https://www.redmine.org/projects/redmine/wiki/Security_Advisories | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2019-18890 | x_refsource_MISC |
| https://www.debian.org/security/2019/dsa-4574 | vendor-advisory, x_refsource_DEBIAN |
| https://seclists.org/bugtraq/2019/Nov/31 | mailing-list, x_refsource_BUGTRAQ |
| https://www.debian.org/security/2019/dsa-4574 | x_refsource_MISC |
| https://usn.ubuntu.com/4200-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://github.com/RealLinkers/CVE-2019-18890 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2019-18890" }, { "name": "DSA-4574", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "20191119 [SECURITY] [DSA 4574-1] redmine security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "USN-4200-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4200-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/RealLinkers/CVE-2019-18890" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-07T14:50:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2019-18890" }, { "name": "DSA-4574", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "20191119 [SECURITY] [DSA 4574-1] redmine security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "USN-4200-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4200-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/RealLinkers/CVE-2019-18890" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18890", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2019-18890", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2019-18890" }, { "name": "DSA-4574", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "20191119 [SECURITY] [DSA 4574-1] redmine security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/31" }, { "name": "https://www.debian.org/security/2019/dsa-4574", "refsource": "MISC", "url": "https://www.debian.org/security/2019/dsa-4574" }, { "name": "USN-4200-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4200-1/" }, { "name": "https://github.com/RealLinkers/CVE-2019-18890", "refsource": "MISC", "url": "https://github.com/RealLinkers/CVE-2019-18890" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18890", "datePublished": "2019-11-21T17:46:41", "dateReserved": "2019-11-12T00:00:00", "dateUpdated": "2024-08-05T02:02:39.820Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
jvndb-2009-000074
Vulnerability from jvndb
Published
2009-11-19 15:45
Modified
2009-11-19 15:45
Summary
Redmine vulnerable to cross-site request forgery
Details
Redmine contains a cross-site request forgery vulnerability.
Redmine is project management software. Redmine contains a cross-site request forgery vulnerability.
Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000074.html", "dc:date": "2009-11-19T15:45+09:00", "dcterms:issued": "2009-11-19T15:45+09:00", "dcterms:modified": "2009-11-19T15:45+09:00", "description": "Redmine contains a cross-site request forgery vulnerability.\r\n\r\nRedmine is a project management software. Redmine contains a cross-site request forgery vulnerability.\r\n\r\nYoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000074.html", "sec:cpe": { "#text": "cpe:/a:redmine:redmine", "@product": "Redmine", "@vendor": "Redmine", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2009-000074", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN87341298/index.html", "@id": "JVN#87341298", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4079", "@id": "CVE-2009-4079", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4079", "@id": "CVE-2009-4079", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/37420", "@id": "SA37420", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/37066", "@id": "37066", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/54334", "@id": "54334", "@source": "XF" }, { "#text": "http://www.vupen.com/english/advisories/2009/3291", "@id": "VUPEN/ADV-2009-3291", "@source": "VUPEN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-352", "@title": "Cross-Site Request Forgery(CWE-352)" } ], "title": "Redmine vulnerable to cross-site request forgery" }
jvndb-2012-000025
Vulnerability from jvndb
Published
2012-03-13 13:39
Modified
2012-03-13 13:39
Summary
Redmine vulnerable to cross-site scripting
Details
Redmine contains a cross-site scripting vulnerability.
Redmine is project management software. Redmine contains a cross-site scripting vulnerability.
Kousuke Ebihara reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000025.html", "dc:date": "2012-03-13T13:39+09:00", "dcterms:issued": "2012-03-13T13:39+09:00", "dcterms:modified": "2012-03-13T13:39+09:00", "description": "Redmine contains a cross-site scripting vulnerability.\r\n\r\nRedmine is a project management software. Redmine contains a cross-site scripting vulnerability.\r\n\r\nKousuke Ebihara reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000025.html", "sec:cpe": { "#text": "cpe:/a:redmine:redmine", "@product": "Redmine", "@vendor": "Redmine", "@version": "2.2" }, "sec:cvss": { "@score": "4.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2012-000025", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN93406632/index.html", "@id": "JVN#93406632", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0327", "@id": "CVE-2012-0327", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0327", "@id": "CVE-2012-0327", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Redmine vulnerable to cross-site scripting" }
jvndb-2008-000038
Vulnerability from jvndb
Published
2008-07-08 12:15
Modified
2008-07-08 12:15
Summary
Redmine vulnerable to cross-site scripting
Details
Redmine, open source project management software, contains a cross-site scripting vulnerability.
Redmine is open source project management software written with the Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability.
Toshiharu Sugiyama of UBsecure, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000038.html", "dc:date": "2008-07-08T12:15+09:00", "dcterms:issued": "2008-07-08T12:15+09:00", "dcterms:modified": "2008-07-08T12:15+09:00", "description": "Redmine, open source project management software, contains a cross-site scripting vulnerbility.\r\n\r\nRedmine is open source project management software written by Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability.\r\n\r\nToshiharu Sugiyama of UBsecure, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000038.html", "sec:cpe": { "#text": "cpe:/a:redmine:redmine", "@product": "Redmine", "@vendor": "Redmine", "@version": "2.2" }, "sec:cvss": { "@score": "4.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2008-000038", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN00945448/index.html", "@id": "JVN#00945448", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4481", "@id": "CVE-2008-4481", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4481", "@id": "CVE-2008-4481", "@source": "NVD" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000038.html", "@id": "JVNDB-2008-000038", "@source": "JVNDB_Ja" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Redmine vulnerable to cross-site scripting" }
jvndb-2009-000073
Vulnerability from jvndb
Published
2009-11-19 15:45
Modified
2009-11-19 15:45
Summary
Redmine vulnerable to cross-site scripting
Details
Redmine contains a cross-site scripting vulnerability.
Redmine is project management software. Redmine contains a cross-site scripting vulnerability.
Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000073.html", "dc:date": "2009-11-19T15:45+09:00", "dcterms:issued": "2009-11-19T15:45+09:00", "dcterms:modified": "2009-11-19T15:45+09:00", "description": "Redmine contains a cross-site scripting vulnerability.\r\n\r\nRedmine is a project management software. Redmine contains a cross-site scripting vulnerability.\r\n\r\nYoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000073.html", "sec:cpe": { "#text": "cpe:/a:redmine:redmine", "@product": "Redmine", "@vendor": "Redmine", "@version": "2.2" }, "sec:cvss": { "@score": "4.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2009-000073", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN01245481/index.html", "@id": "JVN#01245481", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4078", "@id": "CVE-2009-4078", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4078", "@id": "CVE-2009-4078", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/37420", "@id": "SA37420", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/37066", "@id": "37066", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/54333", "@id": "54333", "@source": "XF" }, { "#text": "http://www.vupen.com/english/advisories/2009/3291", "@id": "VUPEN/ADV-2009-3291", "@source": "VUPEN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Redmine vulnerable to cross-site scripting" }
jvndb-2023-000116
Vulnerability from jvndb
Published
2023-11-17 14:32
Modified
2024-05-09 17:55
Severity: Medium (CVSS v3.0 base score 6.1; CVSS v2.0 base score 4.3, per the JVN record below)
Summary
Redmine vulnerable to cross-site scripting
Details
Redmine contains a cross-site scripting vulnerability (CWE-79) due to improper character string processing.
Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN13618065/index.html |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-47259 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-47259 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000116.html", "dc:date": "2024-05-09T17:55+09:00", "dcterms:issued": "2023-11-17T14:32+09:00", "dcterms:modified": "2024-05-09T17:55+09:00", "description": "Redmine contains a cross-site scripting vulnerability (CWE-79) due to improper character string processing.\r\n\r\nShiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000116.html", "sec:cpe": { "#text": "cpe:/a:redmine:redmine", "@product": "Redmine", "@vendor": "Redmine", "@version": "2.2" }, "sec:cvss": [ { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, { "@score": "6.1", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2023-000116", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN13618065/index.html", "@id": "JVN#13618065", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47259", "@id": "CVE-2023-47259", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47259", "@id": "CVE-2023-47259", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Redmine vulnerable to cross-site scripting" }
jvndb-2014-000041
Vulnerability from jvndb
Published
2014-04-16 15:06
Modified
2014-04-16 15:06
Summary
Redmine vulnerable to open redirect
Details
Redmine is project management software. Redmine contains an open redirect vulnerability due to insufficient checking of the URL parameter.
Minoru Sakai of SCSK Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN93004610/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1985 |
| NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1985 |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000041.html", "dc:date": "2014-04-16T15:06+09:00", "dcterms:issued": "2014-04-16T15:06+09:00", "dcterms:modified": "2014-04-16T15:06+09:00", "description": "Redmine is a project management software. Redmine contains an open redirect vulnerability due to insufficient checking of the URL parameter.\r\n\r\nMinoru Sakai of SCSK Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000041.html", "sec:cpe": { "#text": "cpe:/a:redmine:redmine", "@product": "Redmine", "@vendor": "Redmine", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2014-000041", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN93004610/index.html", "@id": "JVN#93004610", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1985", "@id": "CVE-2014-1985", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1985", "@id": "CVE-2014-1985", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-20", "@title": "Improper Input Validation(CWE-20)" } ], "title": "Redmine vulnerable to open redirect" }
jvndb-2022-000096
Vulnerability from jvndb
Published
2022-12-13 14:05
Modified
2024-06-03 16:47
Severity: Medium (CVSS v3.0 base score 6.1; CVSS v2.0 base score 2.6, Low, per the JVN record below)
Summary
Redmine vulnerable to cross-site scripting
Details
Redmine contains a cross-site scripting vulnerability (CWE-79) caused by improper Textile processing.
Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN60211811/index.html |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-44637 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-44637 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000096.html", "dc:date": "2024-06-03T16:47+09:00", "dcterms:issued": "2022-12-13T14:05+09:00", "dcterms:modified": "2024-06-03T16:47+09:00", "description": "Redmine contains a cross-site scripting vulnerability (CWE-79) caused by improper Textile processing.\r\n\r\nShiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000096.html", "sec:cpe": { "#text": "cpe:/a:redmine:redmine", "@product": "Redmine", "@vendor": "Redmine", "@version": "2.2" }, "sec:cvss": [ { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, { "@score": "6.1", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2022-000096", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN60211811/index.html", "@id": "JVN#60211811", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2022-44637", "@id": "CVE-2022-44637", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-44637", "@id": "CVE-2022-44637", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Redmine vulnerable to cross-site scripting" }