PT-2021-4607 · Redmine · Redmine

Published

2021-04-06

Updated

2024-03-06

CVE-2020-36308

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Redmine versions 4.0.0 through 4.0.6 Redmine versions 4.1.0 through 4.1.0

Description The issue allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. It is related to insufficient neutralization of special elements in a request, which may allow a remote attacker to access confidential data.

Recommendations For Redmine versions 4.0.0 through 4.0.6, update to version 4.0.7 or later. For Redmine versions 4.1.0 through 4.1.0, update to version 4.1.1 or later.

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

BDU:2021-05291

BIT-REDMINE-2020-36308

CVE-2020-36308

DLA-2658-1

Affected Products

Redmine

PT-2021-4607 · Redmine · Redmine

CVE-2020-36308

Weakness Enumeration

Related Identifiers

Affected Products

References · 17