Search CVE reports

Toggle filters

1 – 10 of 51 results

CVE-2025-4011

Medium priority
Needs evaluation

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross...

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2023-47260

Medium priority
Needs evaluation

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2023-47259

Medium priority
Needs evaluation

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2023-47258

Medium priority
Needs evaluation

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2022-44637

Medium priority
Needs evaluation

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2022-44031

Medium priority
Needs evaluation

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2022-44030

Medium priority
Needs evaluation

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2022-27777

Medium priority
Needs evaluation

A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.

9 affected packages

rails, redmine, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
redmine Not in release Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
ruby-actionpack-2.3
Show all 9 packages Show less packages

CVE-2021-42326

Medium priority
Needs evaluation

Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
redmine Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2021-37156

Medium priority
Needs evaluation

Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.

1 affected package

redmine

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
redmine Not in release Not in release Needs evaluation Needs evaluation
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON