[ASA-202105-1] redmine: multiple issues
diabonas at archlinux.org
Thu May 20 17:46:26 UTC 2021
Arch Linux Security Advisory ASA-202105-1
Date : 2021-05-19
CVE-ID : CVE-2021-29274 CVE-2021-30163 CVE-2021-30164 CVE-2021-31863
CVE-2021-31864 CVE-2021-31865 CVE-2021-31866
Package : redmine
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1743
The package redmine before version 4.2.1-1 is vulnerable to multiple
issues including arbitrary filesystem access, access restriction
bypass, cross-site scripting, arbitrary file upload and information
Upgrade to 4.2.1-1.
# pacman -Syu "redmine>=4.2.1-1"
The problems have been fixed upstream in version 4.2.1.
- CVE-2021-29274 (cross-site scripting)
Redmine 4.1.x before 4.1.2 allows cross-site scripting (XSS) because an
issue's subject is mishandled in the auto complete tip.
- CVE-2021-30163 (information disclosure)
Redmine before 4.1.2 allows attackers to discover the names of private
projects if issue-journal details exist that have changes to project_id.
- CVE-2021-30164 (access restriction bypass)
Redmine before 4.1.2 allows attackers to bypass the add_issue_notes
permission requirement by leveraging the Issues API.
- CVE-2021-31863 (arbitrary filesystem access)
Insufficient input validation in the Git repository integration of
Redmine before 4.2.1 allows Redmine users to read arbitrary local files
accessible by the application server process.
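The defensive pattern behind a fix for this class of bug is to resolve every user-supplied path against the configured repository root and refuse anything that ends up outside it. The following Ruby is an added illustration written for this advisory, not Redmine's own code and not a description of how CVE-2021-31863 was exploited or patched; the repository root and the sample inputs are constructed.

```ruby
# Added example (not Redmine code): keep a user-supplied path inside a
# configured repository root. Returns the normalised absolute path when it
# is contained, or nil when it must be rejected.
def contained_path(root, user_path)
  root = File.expand_path(root)           # drop trailing "/" and "." segments
  user_path = user_path.to_s

  # File.expand_path turns a leading "~" into a home directory, which would
  # silently escape the root, so refuse it before expanding.
  return nil if user_path.start_with?("~")

  candidate = File.expand_path(user_path, root)   # collapses "..", "." and "//"
  return candidate if candidate == root            # the tree root itself
  return candidate if candidate.start_with?(root + File::SEPARATOR)
  nil                                              # escaped the root (or a sibling
                                                   # directory with a shared prefix)
rescue ArgumentError
  nil   # e.g. a NUL byte in the path; never pass such input to the filesystem
end

# Convenience predicate for callers that only need a yes/no answer.
def safe_path?(root, user_path)
  !contained_path(root, user_path).nil?
end

if __FILE__ == $PROGRAM_NAME
  root = "/srv/repos/project.git"   # constructed sample root
  ["README", "docs/../README", "../../etc/passwd", "/etc/passwd", "~"].each do |p|
    puts "#{p.inspect} -> #{contained_path(root, p).inspect}"
  end
end
```

Note that this check works on lexical paths only; if the repository tree may contain symlinks pointing outside the root, resolve the candidate with `File.realpath` (which follows links) before applying the same prefix test, and treat a missing file as a rejection rather than an error.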
- CVE-2021-31864 (access restriction bypass)
Redmine before 4.2.1 allows attackers to bypass the add_issue_notes
permission requirement by leveraging the incoming mail handler.
- CVE-2021-31865 (arbitrary file upload)
Redmine before 4.2.1 allows users to circumvent the allowed filename
extensions of uploaded attachments.
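An extension allow/deny list is only as good as the normalisation applied before the lookup: case, trailing dots or whitespace (which many filesystems drop on write), a NUL byte, and leading-dot names all need to be handled consistently. The Ruby below is an added example for this advisory, not Redmine's code and not the specific bypass behind CVE-2021-31865; the `allowed:`/`denied:` keyword arguments and sample filenames are assumptions of the example.

```ruby
# Added example (not Redmine code): derive a canonical extension from a
# filename and evaluate it against an allow list and a deny list.

# Canonical extension: lower-case, no leading dot, computed after stripping
# trailing dots and whitespace so that "shell.PhP." normalises to "php".
# A leading-dot name such as ".htaccess" yields "htaccess" so that it can be
# listed explicitly instead of slipping through as "no extension".
def normalized_extension(filename)
  name = File.basename(filename.to_s).sub(/[\s.]+\z/, "")
  idx = name.rindex(".")
  return "" if idx.nil?
  name[(idx + 1)..-1].downcase
end

# Deny list wins over allow list; an empty allow list means "anything not
# denied". Evaluate this on the exact name that will be stored, not on a
# name the client supplied in a separate field.
def extension_allowed?(filename, allowed: [], denied: [])
  filename = filename.to_s
  return false unless filename.valid_encoding? && !filename.include?("\0")

  ext = normalized_extension(filename)
  canon = ->(list) { list.map { |e| e.to_s.downcase.sub(/\A\./, "") } }
  return false if canon.call(denied).include?(ext)
  return true if allowed.empty?
  canon.call(allowed).include?(ext)
end

if __FILE__ == $PROGRAM_NAME
  # constructed sample names and policy
  %w[report.PDF shell.php shell.PhP. README].each do |n|
    puts "#{n.inspect}: #{extension_allowed?(n, allowed: %w[pdf txt], denied: %w[php])}"
  end
end
```

Even with a correct list, uploaded content should be served with a `Content-Disposition: attachment` header from a location the web server never executes, so that a name like `x.php.jpg` cannot matter.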
- CVE-2021-31866 (information disclosure)
Redmine before 4.1.3 allows an attacker to learn the values of internal
authentication keys by observing timing differences in string
comparison operations within SysController and MailHandlerController.
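A plain `==` on strings returns as soon as the first differing byte is found, so the time it takes leaks how much of a secret the caller already has right. The fix is a comparison whose running time does not depend on the input. The Ruby below is an added example for this advisory (not the code of SysController or MailHandlerController, and not Redmine's fix); `naive_equal?` and `secure_equal?` are illustrative names, and the sample key is constructed.

```ruby
# Added example (not Redmine code): a length-independent, constant-time
# comparison for secrets such as API or webservice keys.
require "digest"

# What a timing side channel exploits: String#== stops at the first
# mismatching byte, so mismatches near the end take measurably longer.
def naive_equal?(provided, expected)
  provided == expected
end

# Hash both values to a fixed 32-byte digest, then OR together the XOR of
# every byte pair. The loop always runs 32 times regardless of where (or
# whether) the inputs differ, and no early return depends on the data.
# Hashing also hides the length of the expected key. The result is exactly
# "provided == expected" for any two strings.
def secure_equal?(provided, expected)
  return false if provided.nil? || expected.nil?
  a = Digest::SHA256.digest(provided.to_s).bytes
  b = Digest::SHA256.digest(expected.to_s).bytes
  diff = 0
  a.each_with_index { |x, i| diff |= x ^ b[i] }
  diff.zero?
end

if __FILE__ == $PROGRAM_NAME
  configured_key = "0123456789abcdef0123456789abcdef01234567"   # constructed sample
  [configured_key, configured_key.sub(/7\z/, "8"), "wrong", ""].each do |attempt|
    puts "#{attempt.inspect} -> #{secure_equal?(attempt, configured_key)}"
  end
end
```

In a Rails application the equivalent is `ActiveSupport::SecurityUtils.secure_compare`, which should be used for every request-supplied key or token that is checked against a configured secret.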
A remote attacker could disclose private information, perform actions
without having the required permissions, or execute arbitrary