CVE-2021-31863

HIGH7.5EPSS 0.79%

發布日:2021/4/28修改日:2026/4/28

描述

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.

受影響套件(2)

Bitnami/redminefrom 0, < 4.0.9, >= 4.1.0, < 4.1.3, >= 4.2.0, < 4.2.1
Debian/redminefrom 0, < 5.0.0-1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

參考連結(5)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-31863
WEBhttps://lists.debian.org/debian-lts-announce/2021/05/msg00013.html
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2021-31863
WEBhttps://www.redmine.org/news/131
WEBhttps://www.redmine.org/projects/redmine/wiki/Security_Advisories