CVE-2021-31863

high

Description

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.

References

https://www.redmine.org/projects/redmine/wiki/Security_Advisories

https://www.redmine.org/news/131

https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html

Details

Source: Mitre, NVD

Published: 2021-04-28

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High