CVE-2021-42326Sensitive Information Exposure in Redmine

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.5%
top 33.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
RedmineDebian RedmineDebian Linux
Timeline
PublishedOct 12
Latest updateMay 24

Description

Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

debiandebian/redmine< redmine 5.0.0-1 (bookworm)
NVDredmine/redmine4.2.04.2.3+1
Debianredmine/redmine< 5.0.0-1+1

Also affects: Debian Linux 9.0

Patches

Patch: www.redmine.orgPatch: www.redmine.org

🔴Vulnerability Details

2
GHSA
GHSA-6rmc-qmcc-wm8g: Redmine before 42022-05-24
OSV
CVE-2021-42326: Redmine before 42021-10-12

📋Vendor Advisories

1
Debian
CVE-2021-42326: redmine - Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on a...2021