CVE-2021-31863 · VulnScope

Description

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.

How to fix CVE-2021-31863

To remediate CVE-2021-31863, upgrade the affected package to a fixed version below.

Bitnami/redmine—upgrade to 4.0.9 or later
Debian/redmine—upgrade to 5.0.0-1 or later

Is CVE-2021-31863 being exploited?

Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 4.0.9, >= 4.1.0, < 4.1.3, >= 4.2.0, < 4.2.1
from 0, < 5.0.0-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (5)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2021-31863
WEBlists.debian.org/debian-lts-announce/2021/05/msg00013.html
WEBnvd.nist.gov/vuln/detail/CVE-2021-31863
WEBwww.redmine.org/news/131
WEB