CVE-2021-31866

MEDIUM5.3EPSS 0.44%

發布日:2021/4/28修改日:2026/4/28

描述

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.

受影響套件(2)

Bitnami/redminefrom 0, < 4.0.9, >= 4.1.0, < 4.1.3
Debian/redminefrom 0, < 5.0.0-1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

參考連結(5)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-31866
WEBhttps://lists.debian.org/debian-lts-announce/2021/05/msg00013.html
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2021-31866
WEBhttps://www.redmine.org/news/131
WEBhttps://www.redmine.org/projects/redmine/wiki/Security_Advisories