CVE-2022-44030

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
References
Link Resource
https://www.redmine.org/news/139 Release Notes Vendor Advisory
https://www.redmine.org/projects/redmine/wiki/Security_Advisories Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-12-06 23:15

Updated : 2024-02-28 19:51


NVD link : CVE-2022-44030

Mitre link : CVE-2022-44030

CVE.ORG link : CVE-2022-44030


JSON object : View

Products Affected

redmine

  • redmine
CWE
CWE-755

Improper Handling of Exceptional Conditions