CRITICAL9.8CVE-2021-30164Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues… from 0, < 5.0.0-1
HIGH8.8CVE-2017-18026Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg progr… from 0, < 3.4.4-1
HIGH7.5CVE-2022-44030Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. from 0, < 5.0.4-1
HIGH7.5Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows…
from 0, < 5.0.0-1
HIGH7.5Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that…
from 0, < 5.0.0-1
HIGH7.5Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive infor…
from 0, < 3.4.2-1
HIGH7.5Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sens…
from 0, < 3.4.2-1
HIGH7.5In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Refe…
from 0, < 3.4.2-1
HIGH7.4Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x befo…
from 0, < 3.2.0-1
HIGH7.3In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settin…
from 0, < 3.4.2-1
MEDIUM6.5A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a c…
from 0, < 3.4.2-1
MEDIUM6.1Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.
from 0, < 5.0.4-5+deb12u1
MEDIUM6.1Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.
from 0, < 5.0.4-5+deb12u1
MEDIUM6.1redmine - security update
from 0, < 5.0.4-5+deb12u1
MEDIUM6.1redmine - security update
from 0, < 5.0.4-5+deb12u1
MEDIUM6.1Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textil…
from 0, < 5.0.4-1
MEDIUM6.1Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote s…
from 0, < 5.0.4-1
MEDIUM6.1Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
from 0, < 4.0.7-1
MEDIUM6.1Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
from 0, < 4.0.7-1
MEDIUM6.1redmine - security update
from 0, < 3.3.1-4+deb9u3
MEDIUM6.1redmine - security update
from 0, < 4.0.4-1
MEDIUM6.1In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.
from 0, < 3.4.2-1
MEDIUM6.1In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.
from 0, < 3.4.2-1
MEDIUM6.1In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.
from 0, < 3.4.4-1
MEDIUM6.1In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.
from 0, < 3.4.4-1
MEDIUM6.1In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field wi…
from 0, < 3.4.4-1
MEDIUM6.1redmine - security update
from 0, < 3.3.1-4+deb9u1
MEDIUM6.1redmine - security update
from 0, < 3.4.4-1
MEDIUM6.1In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
from 0, < 3.2.3-1
MEDIUM6.1Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors…
from 0, < 3.0~20140825-5
MEDIUM5.3redmine - security update
from 0, < 5.0.0-1
MEDIUM5.3redmine - security update
from 0, < 3.3.1-4+deb9u5
MEDIUM5.3Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing diff…
from 0, < 5.0.0-1
MEDIUM5.3Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded att…
from 0, < 5.0.0-1
MEDIUM5.3Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by l…
from 0, < 5.0.0-1
MEDIUM5.3Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and…
from 0, < 4.0.7-1
MEDIUM5.3redmine - security update
from 0, < 3.3.1-4+deb9u4
MEDIUM5.3redmine - security update
from 0, < 4.0.6-1
MEDIUM5.3app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sens…
from 0, < 3.2.0-1
MEDIUM5.3redmine - security update
from 0, < 3.2.0-1
MEDIUM5.3redmine - security update
from 0, < 3.0~20140825-8~deb8u2
MEDIUM5.3redmine - security update
from 0, < 1.0.1-2+deb6u11
MEDIUM4.3In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible,…
from 0, < 3.4.2-1
MEDIUM4.3The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive in…
from 0, < 3.2.0-1
—A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic.
from 0, < 6.0.4+ds-1
—Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 a…
from 0, < 2.5.1-1
—Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbit…
from 0, < 1.0.5-1
—Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web s…
from 0, < 1.0.5-1
—redmine - several
from 0, < 1.0.1-2
—redmine - several
from 0, < 1.0.5-1
—Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers…
from 0, < 1.3.2+dfsg1-1
—Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspeci…
from 0, < 1.3.2+dfsg1-1
—Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct…
from 0, < 0.9.1-1
—Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users…
from 0, < 0.9.0~svn2902-1
—Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or H…
from 0, < 0.9.0~svn2902-1