Описание
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
Ссылки
- Release NotesVendor Advisory
- PatchVendor Advisory
- Release NotesVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
EPSS
7.5 High
CVSS3
Дефекты
Связанные уязвимости
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
Redmine 5.x before 5.0.4 allows downloading of file attachments of any ...
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
Уязвимость веб-приложения для управления проектами и задачами Redmine , связанная с некорректной обработкой исключительных состояний, позволяющая нарушителю загрузить и выполнить произвольный файл
EPSS
7.5 High
CVSS3