redmine

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	A flexible project management web application written using Ruby on Rails framework.
Version	4.2.0-1 [community-testing] 4.1.1-2 [community]

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1743	4.1.1-2	4.2.0-1	High	Testing	FS#70203

Issue	Group	Severity	Remote	Type	Description
CVE-2021-30164	AVG-1743	High	Yes	Access restriction bypass	Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
CVE-2021-30163	AVG-1743	Medium	Yes	Information disclosure	Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to...
CVE-2021-29274	AVG-1743	High	Yes	Cross-site scripting	Redmine 4.1.x before 4.1.2 allows cross-site scripting (XSS) because an issue's subject is mishandled in the auto complete tip.

Issue

Group

Severity

Remote

Type

Description

CVE-2021-30164

AVG-1743

High

Yes

Access restriction bypass

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.

CVE-2021-30163

AVG-1743

Medium

Yes

Information disclosure

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to...

CVE-2021-29274

AVG-1743

High

Yes

Cross-site scripting

Redmine 4.1.x before 4.1.2 allows cross-site scripting (XSS) because an issue's subject is mishandled in the auto complete tip.