CVE-2022-44030

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:27

Type Values Removed Values Added
References () https://www.redmine.org/news/139 - Release Notes, Vendor Advisory () https://www.redmine.org/news/139 - Release Notes, Vendor Advisory
References () https://www.redmine.org/projects/redmine/wiki/Security_Advisories - Patch, Vendor Advisory () https://www.redmine.org/projects/redmine/wiki/Security_Advisories - Patch, Vendor Advisory

Information

Published : 2022-12-06 23:15

Updated : 2024-11-21 07:27


NVD link : CVE-2022-44030

Mitre link : CVE-2022-44030

CVE.ORG link : CVE-2022-44030


JSON object : View

Products Affected

redmine

  • redmine
CWE
CWE-755

Improper Handling of Exceptional Conditions