PT-2023-23379 · Unknown · Ckeditor Plugin For Redmine
Published: 2023-06-13 · Updated: 2025-01-03 · CVE-2023-31541
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CKEditor plugin for Redmine version 1.2.3
Description
A vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor plugin for Redmine that allows arbitrary files to be uploaded to the server. The issue affects the ability to restrict file uploads, potentially leading to security risks.
Recommendations
To prevent arbitrary file uploads on version 1.2.3, consider disabling the ‘Browse and upload images’ feature until a patch is available. Restrict access to the upload functionality to minimize the risk of exploitation.
Unrestricted File Upload
Affected Products
Ckeditor Plugin For Redmine