redmine
Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
Description | A flexible project management web application written using Ruby on Rails framework. |
Version |
4.2.0-1 [community-testing] 4.1.1-2 [community] |
Open
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-1743 | 4.1.1-2 | 4.2.0-1 | High | Testing | FS#70203 |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2021-30164 | AVG-1743 | High | Yes | Access restriction bypass | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. |
CVE-2021-30163 | AVG-1743 | Medium | Yes | Information disclosure | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to... |
CVE-2021-29274 | AVG-1743 | High | Yes | Cross-site scripting | Redmine 4.1.x before 4.1.2 allows cross-site scripting (XSS) because an issue's subject is mishandled in the auto complete tip. |