AVG-1743 log

Package redmine
Status Testing
Severity High
Type multiple issues
Affected 4.1.1-2
Fixed 4.2.0-1
Current 4.2.0-1 [community-testing]
4.1.1-2 [community]
Ticket FS#70203
Created Mon Mar 29 08:22:04 2021
Issue Severity Remote Type Description
CVE-2021-30164 High Yes Access restriction bypass
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
CVE-2021-30163 Medium Yes Information disclosure
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to...
CVE-2021-29274 High Yes Cross-site scripting
Redmine 4.1.x before 4.1.2 allows cross-site scripting (XSS) because an issue's subject is mishandled in the auto complete tip.