Vulnerability Description
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redmine | Redmine | < 4.1.5 |
| Debian | Debian Linux | 9.0 |
References
- https://lists.debian.org/debian-lts-announce/2021/10/msg00013.htmlThird Party Advisory
- https://www.redmine.org/news/133MitigationVendor Advisory
- https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10Release NotesVendor Advisory
- https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10Release NotesVendor Advisory
- https://www.redmine.org/projects/redmine/wiki/Security_AdvisoriesPatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2021/10/msg00013.htmlThird Party Advisory
- https://www.redmine.org/news/133MitigationVendor Advisory
- https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10Release NotesVendor Advisory
- https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10Release NotesVendor Advisory
- https://www.redmine.org/projects/redmine/wiki/Security_AdvisoriesPatchVendor Advisory
FAQ
What is CVE-2021-42326?
CVE-2021-42326 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
How severe is CVE-2021-42326?
CVE-2021-42326 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42326?
Check the references section above for vendor advisories and patch information. Affected products include: Redmine Redmine, Debian Debian Linux.