pkg:Debian/redmine
55 CVEs in total: CRITICAL 1, HIGH 9, MEDIUM 34
All known vulnerabilities
- CRITICAL 9.8 | CVE-2021-30164 | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues… | from 0, < 5.0.0-1
- HIGH 8.8 | CVE-2017-18026 | Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg progr… | from 0, < 3.4.4-1
- HIGH 7.5 | CVE-2022-44030 | Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. | from 0, < 5.0.4-1
- HIGH 7.5 | CVE-2021-31863 | Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows… | from 0, < 5.0.0-1
- HIGH 7.5 | CVE-2021-30163 | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that… | from 0, < 5.0.0-1
- HIGH 7.5 | CVE-2017-15577 | Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive infor… | from 0, < 3.4.2-1
- HIGH 7.5 | CVE-2017-15576 | Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sens… | from 0, < 3.4.2-1
- HIGH 7.5 | CVE-2017-15572 | In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Refe… | from 0, < 3.4.2-1
- HIGH 7.4 | CVE-2015-8474 | Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x befo… | from 0, < 3.2.0-1
- HIGH 7.3 | CVE-2017-15575 | In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settin… | from 0, < 3.4.2-1
- MEDIUM 6.5 | CVE-2019-18890 | A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a c… | from 0, < 3.4.2-1
- from 0, < 5.0.4-5+deb12u1
- MEDIUM 6.1 | CVE-2023-47259 | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter. | from 0, < 5.0.4-5+deb12u1
- from 0, < 5.0.4-5+deb12u1
- from 0, < 5.0.4-5+deb12u1
- MEDIUM 6.1 | CVE-2022-44637 | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textil… | from 0, < 5.0.4-1
- MEDIUM 6.1 | CVE-2022-44031 | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote s… | from 0, < 5.0.4-1
- MEDIUM 6.1 | CVE-2020-36307 | Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. | from 0, < 4.0.7-1
- from 0, < 4.0.7-1
- from 0, < 3.3.1-4+deb9u3
- from 0, < 4.0.4-1
- MEDIUM 6.1 | CVE-2017-15574 | In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. | from 0, < 3.4.2-1
- MEDIUM 6.1 | CVE-2017-15573 | In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. | from 0, < 3.4.2-1
- MEDIUM 6.1 | CVE-2017-15571 | In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. | from 0, < 3.4.4-1
- MEDIUM 6.1 | CVE-2017-15570 | In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. | from 0, < 3.4.4-1
- MEDIUM 6.1 | CVE-2017-15569 | In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field wi… | from 0, < 3.4.4-1
- from 0, < 3.3.1-4+deb9u1
- from 0, < 3.4.4-1
- MEDIUM 6.1 | CVE-2016-10515 | In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. | from 0, < 3.2.3-1
- MEDIUM 6.1 | CVE-2015-8477 | Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors… | from 0, < 3.0~20140825-5
- from 0, < 5.0.0-1
- from 0, < 3.3.1-4+deb9u5
- MEDIUM 5.3 | CVE-2021-31866 | Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing diff… | from 0, < 5.0.0-1
- MEDIUM 5.3 | CVE-2021-31865 | Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded att… | from 0, < 5.0.0-1
- MEDIUM 5.3 | CVE-2021-31864 | Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by l… | from 0, < 5.0.0-1
- MEDIUM 5.3 | CVE-2020-36308 | Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and… | from 0, < 4.0.7-1
- from 0, < 3.3.1-4+deb9u4
- from 0, < 4.0.6-1
- MEDIUM 5.3 | CVE-2015-8537 | app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sens… | from 0, < 3.2.0-1
- from 0, < 3.2.0-1
- from 0, < 3.0~20140825-8~deb8u2
- from 0, < 1.0.1-2+deb6u11
- MEDIUM 4.3 | CVE-2017-16804 | In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible,… | from 0, < 3.4.2-1
- MEDIUM 4.3 | CVE-2015-8473 | The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive in… | from 0, < 3.2.0-1
- — | CVE-2025-4011 | A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. | from 0, < 6.0.4+ds-1
- — | CVE-2014-1985 | Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 a… | from 0, < 2.5.1-1
- — | CVE-2011-4929 | Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbit… | from 0, < 1.0.5-1
- — | CVE-2011-4928 | Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web s… | from 0, < 1.0.5-1
- from 0, < 1.0.1-2
- from 0, < 1.0.5-1
- — | CVE-2012-2054 | Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers… | from 0, < 1.3.2+dfsg1-1
- — | CVE-2012-0327 | Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspeci… | from 0, < 1.3.2+dfsg1-1
- — | CVE-2009-4459 | Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct… | from 0, < 0.9.1-1
- — | CVE-2009-4079 | Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users… | from 0, < 0.9.0~svn2902-1
- — | CVE-2009-4078 | Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or H… | from 0, < 0.9.0~svn2902-1