Page 5 of 49 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536. Redmine en versiones anteriores a la 3.2.9, 3.3.x anteriores a 3.3.6 y 3.4.x anteriores a 3.4.4 no bloquea los flags --config y --debugger en el programa Mercurial hg, lo que permite que los atacantes remotos ejecuten comandos arbitrarios (mediante el adaptador Mercurial) por medio de vectores que involucran una rama cuyo nombre empieza con una subcadena --config= o --debugger=. Esta vulnerabilidad está relacionada con CVE-2017-17536. • https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678 https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd https://www.debian.org/security/2018/dsa-4191 https://www.redmine.org/issues/27516 https://www.redmine.org/projects/redmine/wiki/Security_Advisories •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages. En Redmine en versiones anteriores a la 3.2.7 y las versiones 3.3.x anteriores a la 3.3.4, la función reminders en app/models/mailer.rb no comprueba si un problema es visible, lo que permite que usuarios remotos autenticados obtengan información sensible leyendo mensajes de recordatorio de correo electrónico. • https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc https://www.debian.org/security/2018/dsa-4191 https://www.redmine.org/issues/25713 https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information. Redmine en versiones anteriores a la 3.2.6 y 3.3.x en versiones anteriores a la 3.3.3 gestiona de manera incorrecta la presentación Time Entry en vistas de actividad, lo que permite que atacantes remotos obtengan información sensible. • https://www.debian.org/security/2018/dsa-4191 https://www.redmine.org/issues/23803 https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. En Redmine en versiones anteriores a la 3.2.8, 3.3.x en versiones anteriores a la 3.3.5 y 3.4.x en versiones anteriores a la 3.4.3, existe XSS en app/views/issues/_list.html.erb mediante datos de columna manipulados. • https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa https://www.debian.org/security/2018/dsa-4191 https://www.redmine.org/issues/27186 https://www.redmine.org/projects/redmine/wiki/Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact. En Redmine en versiones anteriores a la 3.2.6 y 3.3.x en versiones anteriores a la 3.3.3, Redmine.pm no tiene verificación para cuando el módulo Repository está habilitado en la configuración de un proyecto, lo que podría permitir que atacantes remotos obtengan diferente información sensible o provoquen otro impacto sin especificar. • https://www.debian.org/security/2018/dsa-4191 https://www.redmine.org/issues/24307 https://www.redmine.org/projects/redmine/wiki/Security_Advisories •