CVE-2021-31866

Sažetak

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.

Reference

https://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://www.redmine.org/news/131
https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

01-06-2021 - 15:06

Objavljeno

28-04-2021 - 07:15