Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redmine redmine vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2017-15572
In Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
Redmine Redmine 3.3.0
Redmine Redmine 3.3.2
Redmine Redmine 3.3.1
Redmine Redmine
Debian Debian Linux 9.0
383
VMScore
CVE-2017-15573
In Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3, XSS exists because markup is mishandled in wiki content.
Redmine Redmine 3.3.0
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Redmine Redmine
Debian Debian Linux 9.0
383
VMScore
CVE-2017-15574
In Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3, stored XSS is possible by using an SVG document as an attachment.
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Redmine Redmine
Redmine Redmine 3.3.0
Debian Debian Linux 9.0
668
VMScore
CVE-2017-15575
In Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote malicious users to obtain sensitive differences information or possibly have unspecified other impact.
Redmine Redmine 3.3.0
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Redmine Redmine
Debian Debian Linux 9.0
445
VMScore
CVE-2017-15576
Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3 mishandles Time Entry rendering in activity views, which allows remote malicious users to obtain sensitive information.
Redmine Redmine
Redmine Redmine 3.3.0
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Debian Debian Linux 9.0
445
VMScore
CVE-2017-15577
Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3 mishandles the rendering of wiki links, which allows remote malicious users to obtain sensitive information.
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Redmine Redmine
Redmine Redmine 3.3.0
Debian Debian Linux 9.0
1 Github repository
445
VMScore
CVE-2021-37156
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
Redmine Redmine 4.2.0
Redmine Redmine 4.2.1
383
VMScore
CVE-2016-10515
In Redmine prior to 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
Redmine Redmine
NA
CVE-2022-44030
Redmine 5.x prior to 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
Redmine Redmine
NA
CVE-2022-44031
Redmine prior to 4.2.9 and 5.0.x prior to 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.
Redmine Redmine
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »