Actions
Security Advisories » History » Revision 77
« Previous |
Revision 77/79
(diff)
| Next »
Holger Just, 2023-11-08 17:50
Add CVE IDs for vulnerabilities fixed in redmine 5.0.6, 4.2.11
Redmine Security Advisories¶
This page lists the security vulnerabilities that were fixed in Redmine releases, starting from 1.3.0. If you think that you've found a security vulnerability, please report it by sending an email to: security(at)redmine.org
.
To detect if your own Redmine is subject to any of these vulnerabilities, you can use Planio's Redmine Security Scanner.
Severity | Details | External references | Affected versions | Fixed versions |
---|---|---|---|---|
High | XSS in Textile formatter (#38807) | CVE-2023-47259 | All prior releases | 5.0.6 and 4.2.11 |
High | XSS in Markdown formatter (#38806) | CVE-2023-47258 | All prior releases | 5.0.6 and 4.2.11 |
High | XSS Vulnerability in Thumbnails (#38417) | CVE-2023-47260 | All prior releases | 5.0.6 and 4.2.11 |
Moderate | Insufficient permission checks when adding attachments to issues (#38297) | All prior releases | 5.0.5 and 4.2.10 | |
Low | Avoid double-render error with ApplicationController#find_optional_project (#38063) | All prior releases | 5.0.5 and 4.2.10 | |
Critical | Access Control Issue in attachments#download_all (#37772) | CVE-2022-44030 | 5.0.0 - 5.0.3 | 5.0.4 |
High | Persistent XSS in textile formatting due to blockquote citation (#37751) | CVE-2022-44031 | All prior releases | 5.0.4 and 4.2.9 |
High | Redmine contains a cross-site scripting vulnerability (#37767) | CVE-2022-44637 | All prior releases | 5.0.4 and 4.2.9 |
Moderate | Open Redirect in attachments#download_all (#37880) | All prior releases since 4.2.0 | 5.0.4 and 4.2.9 | |
Moderate | Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service (#37872) | CVE-2022-39209 | 5.0.0 - 5.0.3 | 5.0.4 |
Moderate | no-permission-check allows issue creation in closed/archived projects (#37187) | All prior releases | 5.0.2 and 4.2.7 | |
High | Information Leak in QueryAssociationColumn and QueryAssociationCustomFieldColumn (#37255) | All prior releases since 3.4.0 | 5.0.2 and 4.2.7 | |
High | Remote code execution in commonmarker gem (#37136) |
CVE-2022-24724 | 5.0.0 and 5.0.1 | 5.0.2 |
Moderate | 3 XSS security vulnerabilities in jQuery UI < v1.13.0 (#37256) | CVE-2021-41182, CVE-2021-41183, CVE-2021-41184 | All prior releases | 5.0.2 and 4.2.7 |
Moderate | Ruby on Rails vulnerability (announcement) | CVE-2022-22577, CVS-2022-27777 | All prior releases | 5.0.1 and 4.2.6 |
Moderate | Ruby on Rails vulnerability (announcement) | CVE-2022-23633 | All Redmine 4.* versions | 4.2.4 and 4.1.6 |
Moderate | Activities index view is leaking usernames (#35789) | CVE-2021-42326 | All prior releases | 4.2.3 and 4.1.5 |
Low | User sessions not reset after activation of two-factor authentication (#35417) | CVE-2021-37156 | 4.2.0 and 4.2.1 | 4.2.2 |
High | Ruby on Rails vulnerabilities (announcement) | CVE-2021-22885, CVE-2021-22904 | All prior releases | 4.2.2 and 4.1.4 |
Low | Mail handler bypasses add_issue_notes permission (#35045) | CVE-2021-31864 | All prior releases since 3.3.0 | 4.2.1, 4.1.3 and 4.0.9 |
Moderate | Allowed filename extensions of attachments can be circumvented (#34367) | CVE-2021-31865 | All prior releases | 4.2.1, 4.1.3 and 4.0.9 |
Critical | Arbitrary file read in Git adapter (#35085) | CVE-2021-31863 | All prior releases | 4.2.1, 4.1.3 and 4.0.9 |
Moderate | SysController and MailHandlerController are vulnerable to timing attack (#34950) | CVE-2021-31866 | All prior releases to 4.2.0 | 4.2.0, 4.1.3 and 4.0.9 |
High | Inline issue auto complete doesn't sanitize HTML tags (#33846) | CVE-2021-29274 | 4.1.0 and 4.1.1 | 4.1.2 and 4.0.8 |
Moderate | Names of private projects are leaked by issue journal details that contain project_id changes(#33360) | CVE-2021-30163 | All prior releases | 4.1.2 and 4.0.8 |
High | Issues API bypasses add_issue_notes permission (#33689) | CVE-2021-30164 | All prior releases since 3.3.0 | 4.1.2 and 4.0.8 |
High | Ruby on Rails vulnerabilities (rails 5.2.4.3, rails 5.2.4.5) | CVE-2020-8162, CVE-2020-8164, CVE-2020-8165, CVE-2020-8166, CVE-2020-8167, CVE-2021-22880, CVE-2021-22881 | All prior releases | 4.1.2 and 4.0.8 |
Moderate | XSS vulnerability due to missing back_url validation (#32850) | CVE-2020-36306 | All prior releases | 4.1.1 and 4.0.7 |
High | Persistent XSS vulnerabilities in textile inline links (#32934) | CVE-2020-36307 | All prior releases | 4.1.1 and 4.0.7 |
Moderate | Time entries CSV export may disclose subjects of issues that are not visible | CVE-2020-36308 | All prior releases | 4.1.1 and 4.0.7 |
Moderate | Improper markup sanitization in Textile formatting (#25742) | CVE-2019-25026 | All prior releases | 4.0.6 and 3.4.13 |
Critical | SQL injection | CVE-2019-18890 | Redmine <= 3.3.9 | 3.3.10 |
High | Persistent XSS in textile formatting | CVE-2019-17427 | All prior releases | 3.4.11 and 4.0.4 |
Critical | Ruby on Rails vulnerabilities (announcement) | CVE-2019-5418, CVE-2019-5419, CVE-2019-5420 | All prior releases | 3.4.10 and 4.0.3 |
High | Remote command execution through mercurial adapter | CVE-2017-18026 | All prior releases | 3.2.9, 3.3.6 and 3.4.4 |
High | Multiple XSS vulnerabilities (#27186) | CVE-2017-15568, CVE-2017-15569, CVE-2017-15570, CVE-2017-15571 | All prior releases | 3.2.8, 3.3.5 and 3.4.3 |
Low | Email reminders reveal information about inaccessible issues (#25713) | CVE-2017-16804 | All prior releases | 3.2.7, 3.3.4 and 3.4.0 |
Moderate | Improper markup sanitization in wiki content (#25503) | CVE-2017-15573 | All prior releases | 3.2.6 and 3.3.3 |
Moderate | Use redirect on /account/lost_password to prevent password reset tokens in referers (#24416) | CVE-2017-15572 | All prior releases | 3.2.6 and 3.3.3 |
Moderate | Redmine.pm doesn't check that the repository module is enabled on project (#24307) | CVE-2017-15575 | All prior releases | 3.2.6 and 3.3.3 |
High | Stored XSS with SVG attachments (#24199) | CVE-2017-15574 | All prior releases | 3.2.6 and 3.3.3 |
Moderate | Information leak when rendering Time Entry on activity view (#23803) | CVE-2017-15576 | All prior releases | 3.2.6 and 3.3.3 |
Moderate | Information leak when rendering Wiki links (#23793) | CVE-2017-15577 | All prior releases | 3.2.6 and 3.3.3 |
High | Persistent XSS vulnerabilities in text formatting (Textile and Markdown) and project homepage | CVE-2016-10515 | All prior releases | 3.2.3 |
Critical | ImageMagick vulnerabilities | CVE-2016-3714 | All prior releases since 2.1.0 | 3.1.5 and 3.2.2 |
Moderate | Data disclosure in atom feed | CVE-2015-8537 | All prior releases | 2.6.9, 3.0.7 and 3.1.3 |
Moderate | Potential changeset message disclosure in issues API | CVE-2015-8473 | All prior releases | 2.6.8, 3.0.6 and 3.1.2 |
Moderate | Data disclosure on the time logging form | CVE-2015-8346 | All prior releases | 2.6.8, 3.0.6 and 3.1.2 |
Moderate | Open Redirect vulnerability | CVE-2015-8474 | 2.5.1 to 2.6.6, 3.0.0 to 3.0.4 and 3.1.0 | 2.6.7, 3.0.5 and 3.1.1 |
Low | Potential XSS vulnerability when rendering some flash messages | CVE-2015-8477 | All prior releases | 2.6.2 and 3.0.0 |
Moderate | Potential data leak (project names) in the invalid form authenticity token error screen | All prior releases | 2.4.6 and 2.5.2 | |
Moderate | Open Redirect vulnerability | JVN#93004610, CVE-2014-1985 | All prior releases | 2.4.5 and 2.5.1 |
Critical | Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.4 | 2.2.4, 2.3.0 | |
Critical | Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.3 | 2.2.3 | |
Critical | Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.1 and 2.1.6 | Fix for 1.4.7 | |
Critical | Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.1 and 2.1.6 | 1.4.7 | |
Critical | Ruby on Rails vulnerability (announcement) | All prior releases | 2.2.1, 2.1.6, 1.4.6 | |
Moderate | XSS vulnerability | 2.1.0 and 2.1.1 | 2.1.2 | |
High | Persistent XSS vulnerability | JVN#93406632, CVE-2012-0327 | All prior releases | 1.3.2 |
Moderate | Mass-assignemnt vulnerability that would allow an attacker to bypass part of the security checks | All prior releases | 1.3.2 | |
High | Vulnerability that would allow an attacker to bypass the CSRF protection | All prior releases | 1.3.0 |
Updated by Holger Just about 1 year ago · 77 revisions locked