CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-30163
https://notcve.org/view.php?id=CVE-2021-30163
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values. Redmine versiones anteriores a 4.0.8 y versiones 4.1.x anteriores a 4.1.2, permite a atacantes detectar los nombres de proyectos privados si se presentan detalles del diario de problemas que poseen cambios en unos valores de project_id • https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html https://www.redmine.org/projects/redmine/wiki/Security_Advisories •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36306
https://notcve.org/view.php?id=CVE-2020-36306
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. Redmine versiones anteriores a 4.0.7 y versiones 4.1.x anteriores a 4.1.1, presenta un ataque de tipo XSS por medio del campo back_url • https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36307
https://notcve.org/view.php?id=CVE-2020-36307
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. Redmine versiones anteriores a 4.0.7 y versiones 4.1.x anteriores a 4.1.1, presenta un ataque de tipo XSS almacenado por medio de enlaces en línea de textile • https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36308
https://notcve.org/view.php?id=CVE-2020-36308
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. Redmine versiones anteriores a 4.0.7 y versiones 4.1.x anteriores a 4.1.1, permite a atacantes detectar el tema de un problema no visible al llevar a cabo una exportación CSV y leer las entradas de tiempo • https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-25026
https://notcve.org/view.php?id=CVE-2019-25026
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. Redmine versiones anteriores a 3.4.13 y versiones 4.x anteriores a 4.0.6, maneja inapropiadamente unos datos de marcado durante el formateo de Textile • https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html https://www.redmine.org/projects/redmine/wiki/Security_Advisories •