BIT-redmine-2022-44030

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/redmine/BIT-redmine-2022-44030.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-redmine-2022-44030

Aliases

CVE-2022-44030

Published

2024-03-06T11:04:14.674Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.

Database specific

{
    "cpes": [
        "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

https://www.redmine.org/news/139
https://www.redmine.org/projects/redmine/wiki/Security_Advisories

Affected packages

Bitnami / redmine

Package

Name: redmine
Purl: pkg:bitnami/redmine

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

5.0.0

Fixed

5.0.3