CVE-2021-31863

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Redmine versions prior to 4.0.9 Redmine versions 4.1.x prior to 4.1.3 Redmine versions 4.2.x prior to 4.2.1

Description The issue is related to insufficient input validation in the Git repository integration of Redmine, allowing remote attackers to access confidential data. This can enable Redmine users to read arbitrary local files that are accessible by the application server process.

Recommendations For Redmine versions prior to 4.0.9, update to version 4.0.9 or later. For Redmine versions 4.1.x prior to 4.1.3, update to version 4.1.3 or later. For Redmine versions 4.2.x prior to 4.2.1, update to version 4.2.1 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2021-05246

BIT-REDMINE-2021-31863

CVE-2021-31863

DLA-2658-1

Affected Products

Redmine

CVE-2021-31863

Weakness Enumeration

Related Identifiers

Affected Products

References · 19