Bitnami/redmine — 18 CVEs

Loading…

All known vulnerabilities

CRITICAL9.8CVE-2021-30164Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues…

from 0, < 4.0.8, >= 4.1.0, < 4.1.2

HIGH7.5CVE-2021-37156Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the in…

>= 4.2.0, < 4.2.1, >= 4.2.1, < 4.2.2

HIGH7.5Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks.

>= 5.0.0, < 5.0.4

HIGH7.5Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows…

from 0, < 4.0.9, >= 4.1.0, < 4.1.3, >= 4.2.0, < 4.2.1

HIGH7.5Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that…

from 0, < 4.0.8, >= 4.1.0, < 4.1.2

MEDIUM6.1Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.

>= 4.1.0, < 4.1.2

MEDIUM6.1Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.

from 0, < 4.2.11, >= 5.0.0, < 5.0.6

MEDIUM6.1Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.

from 0, < 4.2.11, >= 5.0.0, < 5.0.6

MEDIUM6.1redmine - security update

from 0, < 4.2.11, >= 5.0.0, < 5.0.6

MEDIUM6.1Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textil…

from 0, < 4.2.9, >= 5.0.0, < 5.0.4

MEDIUM6.1Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote s…

from 0, < 4.2.9, >= 5.0.0, < 5.0.4

MEDIUM6.1Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.

from 0, < 4.0.7, >= 4.1.0, < 4.1.1

MEDIUM6.1Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.

from 0, < 4.0.7, >= 4.1.0, < 4.1.1

MEDIUM5.3redmine - security update

from 0, < 4.1.5, >= 4.2.0, < 4.2.3

MEDIUM5.3Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing diff…

from 0, < 4.0.9, >= 4.1.0, < 4.1.3

MEDIUM5.3Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded att…

from 0, < 4.0.9, >= 4.1.0, < 4.1.3, >= 4.2.0, < 4.2.1

MEDIUM5.3Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by l…

from 0, < 4.0.9, >= 4.1.0, < 4.1.3, >= 4.2.0, < 4.2.1

MEDIUM5.3Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and…

from 0, < 4.0.7, >= 4.1.0, < 4.1.1

pkg:Bitnami/redmine

✅ Check your installed version

All known vulnerabilities