oval:org.secpod.oval:def:602435
Multiple vulnerabilities have been found in Redmine, a project management web application, which may result in information disclosure.

oval:org.secpod.oval:def:603416
The redmine security update announced as DSA-4191-1 caused regressions with multi-value fields while doing queries on project issues due to a bug in the patch to address CVE-2017-15569. Updated packages are now available to correct this issue.

oval:org.secpod.oval:def:600673
Joernchen of Phenoelit discovered several vulnerabilities in Redmine, a project management web application: Logged in users may be able to access private data. The Textile formatter allowed for cross-site scripting, exposing sensitive data to an attacker. The Bazaar repository adapter could be used ...

oval:org.secpod.oval:def:601463
redmine is installed

oval:org.secpod.oval:def:1900928
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.

oval:org.secpod.oval:def:1901730
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information by reading a Referer log, because account/lost_password does not use a redirect.

oval:org.secpod.oval:def:1901683
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.

oval:org.secpod.oval:def:1901671
Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands via vectors involving a branch whose name begins with a --config= or --debugger= substring, a re ...

oval:org.secpod.oval:def:1901656
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.

oval:org.secpod.oval:def:1901669
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.

oval:org.secpod.oval:def:1901657
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.

oval:org.secpod.oval:def:53342
The redmine security update announced as DSA-4191-1 caused regressions with multi-value fields while doing queries on project issues due to a bug in the patch to address CVE-2017-15569. Updated packages are now available to correct this issue.

oval:org.secpod.oval:def:53317
Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks.

oval:org.secpod.oval:def:603386
Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks.

oval:org.secpod.oval:def:604613
Holger Just discovered an SQL injection in Redmine, a project management web application. In addition, a cross-site scripting issue was found in Textile formatting.

CVE    7
CVE-2021-29274
CVE-2020-36307
CVE-2020-36306
CVE-2020-36308
...
*CPE
cpe:/a:redmine:redmine

© SecPod Technologies