redmine

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A flexible project management web application written using Ruby on Rails framework.
Version 4.2.0-1 [community-testing]
4.1.1-2 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-1743 4.1.1-2 4.2.0-1 High Testing FS#70203
Issue Group Severity Remote Type Description
CVE-2021-30164 AVG-1743 High Yes Access restriction bypass
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
CVE-2021-30163 AVG-1743 Medium Yes Information disclosure
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to...
CVE-2021-29274 AVG-1743 High Yes Cross-site scripting
Redmine 4.1.x before 4.1.2 allows cross-site scripting (XSS) because an issue's subject is mishandled in the auto complete tip.