AVG-1920 log

Package redmine
Status Fixed
Severity Medium
Type multiple issues
Affected 4.2.1-1
Fixed 4.2.2-1
Current 4.2.2-2 [community-testing], 4.2.2-1 [community]
Ticket None
Created Wed May 5 17:09:11 2021
Issue Severity Remote Type Description
CVE-2021-37156 Low Yes Authentication bypass
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior...
CVE-2021-22904 Low Yes Denial of service
There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions 6.1.3.2, 6.0.3.7, 5.2.4.6...
CVE-2021-22885 Medium Yes Information disclosure
There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when...