CVE-2021-31865 — Incorrect Authorization in Redmine

Severity

5.3MEDIUMNVD

EPSS

0.4%

top 39.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 28

Latest updateMay 24

Description

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

▶debiandebian/redmine< redmine 5.0.0-1 (bookworm)

▶NVDredmine/redmine4.1.0 — 4.1.3+2

▶Debianredmine/redmine< 5.0.0-1+1

Also affects: Debian Linux 9.0

GHSA

GHSA-8h6c-gqcj-gcx4: Redmine before 4↗2022-05-24

▶

OSV

CVE-2021-31865: Redmine before 4↗2021-04-28

▶

Debian

CVE-2021-31865: redmine - Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to...↗2021

▶