Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redmine vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-18890
A SQL injection vulnerability in Redmine up to and including 3.2.9 and 3.3.x prior to 3.3.10 allows Redmine users to access protected information via a crafted object query.
Redmine Redmine
Debian Debian Linux 9.0
2 Github repositories
6.1
CVSSv3
CVE-2019-17427
In Redmine prior to 3.4.11 and 4.0.x prior to 4.0.4, persistent XSS exists due to textile formatting errors.
Redmine Redmine
1 Github repository
6.1
CVSSv3
CVE-2019-15950
The CRM Plugin prior to 4.2.4 for Redmine allows XSS via crafted vCard data.
Redmineup Crm
8.8
CVSSv3
CVE-2017-18026
Redmine prior to 3.2.9, 3.3.x prior to 3.3.6, and 3.4.x prior to 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote malicious users to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch wh...
Redmine Redmine
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2017-17536
Phabricator prior to 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote malicious users to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.
Phacility Phabricator
4.3
CVSSv3
CVE-2017-16804
In Redmine prior to 3.2.7 and 3.3.x prior to 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.
Redmine Redmine 3.3.1
Redmine Redmine 3.3.3
Redmine Redmine
Redmine Redmine 3.3.0
Redmine Redmine 3.3.2
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2017-15569
In Redmine prior to 3.2.8, 3.3.x prior to 3.3.5, and 3.4.x prior to 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.
Redmine Redmine
Redmine Redmine 3.3.1
Redmine Redmine 3.3.3
Redmine Redmine 3.4.0
Redmine Redmine 3.4.1
Redmine Redmine 3.4.2
Redmine Redmine 3.3.0
Redmine Redmine 3.3.2
Redmine Redmine 3.3.4
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-15572
In Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
Redmine Redmine 3.3.0
Redmine Redmine 3.3.2
Redmine Redmine 3.3.1
Redmine Redmine
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2017-15573
In Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3, XSS exists because markup is mishandled in wiki content.
Redmine Redmine 3.3.0
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Redmine Redmine
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2017-15574
In Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3, stored XSS is possible by using an SVG document as an attachment.
Redmine Redmine 3.3.1
Redmine Redmine 3.3.2
Redmine Redmine
Redmine Redmine 3.3.0
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »