PT-2021-4524 · Redmine · Redmine
Published: 2021-03-18 · Updated: 2024-03-06
CVE-2021-30163
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Redmine versions prior to 4.0.8
Redmine versions 4.1.x prior to 4.1.2
Description
The issue in Redmine is related to the disclosure of project id in the issue journal. This could allow a remote attacker to access confidential data if issue-journal details exist that have changes to project id values. The vulnerability may enable attackers to discover the names of private projects.
Recommendations
For Redmine versions prior to 4.0.8, update to version 4.0.8 or later.
For Redmine versions 4.1.x prior to 4.1.2, update to version 4.1.2 or later.
Fix
Information Disclosure
Affected Products
Redmine