Vulnerability Description
Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redmine | Redmine | < 4.0.9 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html (Mailing List, Third Party Advisory)
- https://www.redmine.org/news/131 (Vendor Advisory)
- https://www.redmine.org/projects/redmine/wiki/Security_Advisories (Vendor Advisory)
FAQ
What is CVE-2021-31863?
CVE-2021-31863 is a vulnerability with a CVSS score of 7.5 (HIGH). Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the...
How severe is CVE-2021-31863?
CVE-2021-31863 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31863?
Check the references section above for vendor advisories and patch information. Affected products include: Redmine Redmine, Debian Debian Linux.