CVE-2021-31863

HIGH7.5EPSS 0.79%

Published: 4/28/2021Modified: 4/28/2026

Also known as:DEBIAN-CVE-2021-31863

Description

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.

Affected packages (2)

Bitnami/redminefrom 0, < 4.0.9, >= 4.1.0, < 4.1.3, >= 4.2.0, < 4.2.1
Debian/redminefrom 0, < 5.0.0-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (5)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-31863
WEBhttps://lists.debian.org/debian-lts-announce/2021/05/msg00013.html
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2021-31863
WEBhttps://www.redmine.org/news/131
WEBhttps://www.redmine.org/projects/redmine/wiki/Security_Advisories