CVE-2021-29274
- EPSS 0.83%
- Veröffentlicht 29.03.2021 04:15:13
- Zuletzt bearbeitet 21.11.2024 06:00:55
Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.
CVE-2019-18890
- EPSS 4.34%
- Veröffentlicht 21.11.2019 18:15:11
- Zuletzt bearbeitet 21.11.2024 04:33:47
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.
CVE-2019-17427
- EPSS 1.6%
- Veröffentlicht 10.10.2019 02:05:46
- Zuletzt bearbeitet 21.11.2024 04:32:18
In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.
CVE-2017-18026
- EPSS 2.83%
- Veröffentlicht 10.01.2018 09:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:11
Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors inv...
CVE-2017-16804
- EPSS 1.63%
- Veröffentlicht 13.11.2017 20:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.
CVE-2017-15577
- EPSS 1.62%
- Veröffentlicht 18.10.2017 02:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.
CVE-2017-15576
- EPSS 1.62%
- Veröffentlicht 18.10.2017 02:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
CVE-2017-15575
- EPSS 1.29%
- Veröffentlicht 18.10.2017 02:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified...
CVE-2017-15574
- EPSS 1.14%
- Veröffentlicht 18.10.2017 02:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.
CVE-2017-15573
- EPSS 1.13%
- Veröffentlicht 18.10.2017 02:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.