Known Vulnerabilities for products from Redmine
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Redmine".
These CVEs are retrieved by exact match on listed vendor information (CPE data) and by keyword search, so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-47260 | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails. | 6.1 - MEDIUM | 2023-11-05 | 2023-11-14 |
| CVE-2023-47259 | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter. | 6.1 - MEDIUM | 2023-11-05 | 2023-11-14 |
| CVE-2023-47258 | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter. | 6.1 - MEDIUM | 2023-11-05 | 2023-11-14 |
| CVE-2022-44637 | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Re... | 6.1 - MEDIUM | 2022-12-12 | 2022-12-12 |
| CVE-2022-44031 | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of th... | 6.1 - MEDIUM | 2022-12-12 | 2022-12-12 |
| CVE-2022-44030 | Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission ... | 7.5 - HIGH | 2022-12-06 | 2022-12-08 |
| CVE-2021-42326 | Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access f... | 5.3 - MEDIUM | 2021-10-12 | 2022-06-28 |
| CVE-2021-37156 | Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's accou... | 7.5 - HIGH | 2021-08-05 | 2021-08-12 |
| CVE-2021-31866 | Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observi... | 5.3 - MEDIUM | 2021-04-28 | 2021-06-01 |
| CVE-2021-31865 | Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions o... | 5.3 - MEDIUM | 2021-04-28 | 2022-07-12 |
| CVE-2021-31864 | Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission re... | 5.3 - MEDIUM | 2021-04-28 | 2022-07-12 |
| CVE-2021-31863 | Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before... | 7.5 - HIGH | 2021-04-28 | 2021-06-01 |
| CVE-2021-30164 | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveragi... | 9.8 - CRITICAL | 2021-04-06 | 2021-06-02 |
| CVE-2021-30163 | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal detai... | 7.5 - HIGH | 2021-04-06 | 2022-06-28 |
| CVE-2021-29274 | Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip. | 6.1 - MEDIUM | 2021-03-29 | 2021-03-30 |
| CVE-2020-36308 | Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a C... | 5.3 - MEDIUM | 2021-04-06 | 2021-06-01 |
| CVE-2020-36307 | Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. | 6.1 - MEDIUM | 2021-04-06 | 2021-06-01 |
| CVE-2020-36306 | Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. | 6.1 - MEDIUM | 2021-04-06 | 2021-06-01 |
| CVE-2019-25026 | Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. | 5.3 - MEDIUM | 2021-04-06 | 2021-06-01 |
| CVE-2019-18890 | A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected infor... | 6.5 - MEDIUM | 2019-11-21 | 2019-11-26 |
Known software with vulnerabilities from Redmine
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Redmine | Git Hosting | 0.1.0 |
| Application | Redmine | Redmine | 0.1.0 |