CVE-2019-18890
MEDIUM6.5EPSS 28.0%Published: 11/21/2019Modified: 4/28/2026
Description
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.
Affected packages (1)
- Debian/redminefrom 0, < 3.4.2-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |