CVE-2022-44030 — Improper Handling of Exceptional Conditions in Redmine

CWE-755 — Improper Handling of Exceptional Conditions4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 42.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redmine Debian Redmine

Timeline

PublishedDec 6

Latest updateDec 7

Description

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/redmine< redmine 5.0.4-1 (bookworm)

▶Debianredmine/redmine< 5.0.4-1+1

▶NVDredmine/redmine5.0.0 — 5.0.3

Patches

Patch: www.redmine.org ↗Patch: www.redmine.org ↗

🔴Vulnerability Details

GHSA

GHSA-hq3g-q9w3-58pc: Redmine 5↗2022-12-07

▶

OSV

CVE-2022-44030: Redmine 5↗2022-12-06

▶

📋Vendor Advisories

Debian

CVE-2022-44030: redmine - Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or ...↗2022

▶