AVG-1920

| | |
|---|---|
| Package | redmine |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 4.2.1-1 |
| Fixed | 4.2.2-1 |
| Current | 6.0.5-1 [extra] |
| Ticket | None |
| Created | Wed May 5 17:09:11 2021 |

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-37156 | Low | Yes | Authentication bypass | Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior... |
| CVE-2021-22904 | Low | Yes | Denial of service | There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions 6.1.3.2, 6.0.3.7, 5.2.4.6... |
| CVE-2021-22885 | Medium | Yes | Information disclosure | There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when... |