CVE-2021-31863

Sažetak

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.

Reference

https://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://www.redmine.org/news/131
https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

01-06-2021 - 13:27

Objavljeno

28-04-2021 - 07:15