CVE-2021-37156 log
| Source |
|
| Severity | Low |
| Remote | Yes |
| Type | Authentication bypass |
| Description | Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1920 | redmine | 4.2.1-1 | 4.2.2-1 | Medium | Fixed |
| References |
|---|
https://www.redmine.org/projects/redmine/wiki/Security_Advisories https://www.redmine.org/issues/35417 https://github.com/redmine/redmine/commit/ee0d822517154878a2ad33be66b820c6b68d077b |