CVE-2021-30163

Sažetak

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.

Reference

https://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

28-06-2022 - 14:11

Objavljeno

06-04-2021 - 08:15