pkg:Bitnami/redmine

18 CVEs in total: CRITICAL 1, HIGH 4, MEDIUM 13


All known vulnerabilities

  • CRITICAL 9.8, CVE-2021-30164: Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues…
    from 0, < 4.0.8, >= 4.1.0, < 4.1.2
  • HIGH 7.5, CVE-2021-37156: Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the in…
    >= 4.2.0, < 4.2.1, >= 4.2.1, < 4.2.2
  • HIGH 7.5, CVE-2022-44030: Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks.
    >= 5.0.0, < 5.0.4
  • HIGH 7.5, CVE-2021-31863: Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows…
    from 0, < 4.0.9, >= 4.1.0, < 4.1.3, >= 4.2.0, < 4.2.1
  • HIGH 7.5, CVE-2021-30163: Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that…
    from 0, < 4.0.8, >= 4.1.0, < 4.1.2
  • MEDIUM 6.1, CVE-2021-29274: Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.
    >= 4.1.0, < 4.1.2
  • MEDIUM 6.1, CVE-2023-47260: Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.
    from 0, < 4.2.11, >= 5.0.0, < 5.0.6
  • MEDIUM 6.1, CVE-2023-47259: Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.
    from 0, < 4.2.11, >= 5.0.0, < 5.0.6
  • MEDIUM 6.1, CVE-2023-47258: redmine - security update
    from 0, < 4.2.11, >= 5.0.0, < 5.0.6
  • MEDIUM 6.1, CVE-2022-44637: Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textil…
    from 0, < 4.2.9, >= 5.0.0, < 5.0.4
  • MEDIUM 6.1, CVE-2022-44031: Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote s…
    from 0, < 4.2.9, >= 5.0.0, < 5.0.4
  • MEDIUM 6.1, CVE-2020-36307: Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
    from 0, < 4.0.7, >= 4.1.0, < 4.1.1
  • MEDIUM 6.1, CVE-2020-36306: Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
    from 0, < 4.0.7, >= 4.1.0, < 4.1.1
  • MEDIUM 5.3, CVE-2021-42326: redmine - security update
    from 0, < 4.1.5, >= 4.2.0, < 4.2.3
  • MEDIUM 5.3, CVE-2021-31866: Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing diff…
    from 0, < 4.0.9, >= 4.1.0, < 4.1.3
  • MEDIUM 5.3, CVE-2021-31865: Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded att…
    from 0, < 4.0.9, >= 4.1.0, < 4.1.3, >= 4.2.0, < 4.2.1
  • MEDIUM 5.3, CVE-2021-31864: Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by l…
    from 0, < 4.0.9, >= 4.1.0, < 4.1.3, >= 4.2.0, < 4.2.1
  • MEDIUM 5.3, CVE-2020-36308: Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and…
    from 0, < 4.0.7, >= 4.1.0, < 4.1.1