Описание
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| redmine | fixed | 5.0.4-1 | package |
Примечания
https://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://github.com/redmine/redmine/commit/c02e3bfaec5fb45bd02d840b2306a875cc4f7f88
https://github.com/redmine/redmine/commit/eea816ae0825a3d794e650d11a3909ace772152b
https://github.com/redmine/redmine/commit/df615b7047e58a5dfb236d3b011dfe1619559acc
https://github.com/redmine/redmine/commit/072faff556c5f3ab1f65cad4d2753600cf4ee909
https://github.com/redmine/redmine/commit/9435929e349f0af9ba1d059e41d80c65be50e833
Связанные уязвимости
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
Уязвимость веб-приложения для управления проектами и задачами Redmine , связанная с некорректной обработкой исключительных состояний, позволяющая нарушителю загрузить и выполнить произвольный файл