CVE-2021-31866 - log

CVE-2021-31866 edited at 19 May 2021 10:41:19
Description
- Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.
+ Redmine before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.
CVE-2021-31866 edited at 28 Apr 2021 08:10:38
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.
References
+ https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ https://www.redmine.org/issues/34950
+ https://github.com/redmine/redmine/commit/23e09ef64e26d6f63dcdcd624827440d9ad05f93
CVE-2021-31866 created at 28 Apr 2021 08:09:15
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes