CVE search results

1 – 10 of 52 results

Detailed view

Sort by:

CVE-2026-1836

Medium priority

Needs evaluation

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.

1 affected package

redmine

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redmine	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

CVE-2025-4011

Medium priority

Needs evaluation

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross...

1 affected package

redmine

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redmine	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

CVE-2023-47260

Medium priority

Needs evaluation

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.

1 affected package

redmine

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redmine	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

CVE-2023-47259

Medium priority

Needs evaluation

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.

1 affected package

redmine

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redmine	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

CVE-2023-47258

Medium priority

Needs evaluation

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.

1 affected package

redmine

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redmine	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

CVE-2022-44637

Medium priority

Needs evaluation

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.

1 affected package

redmine

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redmine	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

CVE-2022-44031

Medium priority

Needs evaluation

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.

1 affected package

redmine

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redmine	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

CVE-2022-44030

Medium priority

Needs evaluation

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.

1 affected package

redmine

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redmine	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

CVE-2022-27777

Medium priority

Needs evaluation

A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.

9 affected packages

rails, rails-4.0, redmine, ruby-actionpack-2.3, ruby-actionpack-3.2...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	Not in release	Not in release	Not in release	Not in release	Not in release
redmine	Not in release	Not in release	—	Needs evaluation	Needs evaluation
ruby-actionpack-2.3	—	—	—	—	—
ruby-actionpack-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2021-42326

Medium priority

Needs evaluation

Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.

1 affected package

redmine

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redmine	Not in release	Not in release	—	Needs evaluation	Needs evaluation

Export to JSON

Results by page:

Search CVE reports