CVE-2021-37156 - log

CVE-2021-37156 edited at 05 Aug 2021 22:31:14
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Authentication bypass
Description
+ Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
References
+ https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ https://www.redmine.org/issues/35417
+ https://github.com/redmine/redmine/commit/ee0d822517154878a2ad33be66b820c6b68d077b
CVE-2021-37156 created at 05 Aug 2021 22:28:11
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes