CVE-2021-31864 log

Source
Severity Low
Remote Yes
Type Access restriction bypass
Description
Redmine before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.
Group Package Affected Fixed Severity Status Ticket
AVG-1743 redmine 4.1.1-2 4.2.1-1 Critical Fixed FS#70203
Date Advisory Group Package Severity Type
19 May 2021 ASA-202105-1 AVG-1743 redmine Critical multiple issues
References
https://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://www.redmine.org/issues/35045
https://github.com/redmine/redmine/commit/d03a718e6efca0493d8b42bd4ba356d736a77f49