← Back

CVE-2022-44030

nvd nist

Published: Dec 6, 2022Modified: Apr 23, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.

Affected (1)

Products: Redmine: Redmine

Redmine

1 product

Redmine

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redmine Redmine	From 5.0.0 to 5.0.3

Related CWEs

CWE-755

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (4)

https://www.redmine.org/news/139

Source: cve@mitre.org

Release NotesVendor Advisory

https://www.redmine.org/projects/redmine/wiki/Security_Advisories

Source: cve@mitre.org

PatchVendor Advisory

https://www.redmine.org/news/139

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.redmine.org/projects/redmine/wiki/Security_Advisories

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.