Search CVE reports
1 – 10 of 51 results
CVE-2025-4011
Medium priority
A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross...
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2023-47260
Medium priority
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2023-47259
Medium priority
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2023-47258
Medium priority
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-44637
Medium priority
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-44031
Medium priority
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-44030
Medium priority
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-27777
Medium priority
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
9 affected packages
rails, rails-4.0, redmine, ruby-actionpack-2.3, ruby-actionpack-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-4.0 | Not in release | Not in release | Not in release | Not in release |
redmine | Not in release | — | Needs evaluation | Needs evaluation |
ruby-actionpack-2.3 | — | — | — | — |
ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release |
ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release |
CVE-2021-42326
Medium priority
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
redmine | Not in release | — | Needs evaluation | Needs evaluation |
CVE-2021-37156
Medium priority
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
1 affected package
redmine
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
redmine | Not in release | Not in release | Needs evaluation | Needs evaluation |