Redmine Vulnerabilidad

Cronología

Versión

3.2.0	13
3.2.1	13
3.2.2	13
3.2.3	12
3.2.4	12

Contramedidas

Official Fix	39
Temporary Fix	0
Workaround	0
Unavailable	1
Not Defined	6

Explotabilidad

High	2
Functional	0
Proof-of-Concept	6
Unproven	0
Not Defined	38

Vector de acceso

Not Defined	0
Physical	0
Local	0
Adjacent	11
Network	35

Autenticación

Not Defined	0
High	0
Low	19
None	27

La interacción del usuario

Not Defined	0
Required	23
None	23

CVSSv3 Base

≤1	0
≤2	0
≤3	1
≤4	2
≤5	15
≤6	18
≤7	6
≤8	4
≤9	0
≤10	0

CVSSv3 Temp

≤1	0
≤2	0
≤3	1
≤4	3
≤5	20
≤6	13
≤7	6
≤8	3
≤9	0
≤10	0

VulDB

≤1	0
≤2	0
≤3	1
≤4	10
≤5	17
≤6	12
≤7	4
≤8	2
≤9	0
≤10	0

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	2
≤6	4
≤7	15
≤8	6
≤9	1
≤10	1

CNA

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Proveedor

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Explotar día 0

<1k	14
<2k	28
<5k	4
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Explotar hoy

<1k	46
<2k	0
<5k	0
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Explotar el volumen del mercado

Affected Versions (124): 0.1, 0.2.1, 0.2.2, 0.3, 0.4, 0.4.1, 0.4.2, 0.5, 0.5.1, 0.6, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.7, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.8, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.7, 0.9, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 1, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1, 1.1.1, 2.4, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.5, 2.6, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 3, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1, 3.1.1, 3.2, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.9, 3.4, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.4.7, 3.4.8, 3.4.9, 3.4.11, 3.4.12, 4, 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 5, 5.0.1, 5.0.2, 5.0.3

Tipo de software: Project Management Software

Fecha de publicación	Base	Temp	Vulnerabilidad	0day	Hoy	Exp	Con	CTI	CVE
2022-12-12	4.8	4.7	Redmine Textile Formatter cross site scripting	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2022-44031
2022-12-12	4.8	4.7	Redmine Textile Formatter cross site scripting	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2022-44637
2022-12-07	5.5	5.4	Redmine escalada de privilegios	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2022-44030
2021-10-13	3.5	3.4	Redmine Activity View divulgación de información	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	CVE-2021-42326
2021-08-06	5.5	5.5	Redmine Two-factor Authentication escalada de privilegios	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	CVE-2021-37156
2021-04-28	3.5	3.4	Redmine Git Repository divulgación de información	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2021-31863
2021-04-28	5.5	5.3	Redmine Filename escalada de privilegios	$0-$5k	$0-$5k	Not Defined	Official Fix	0.07	CVE-2021-31865
2021-04-28	5.5	5.3	Redmine Incoming Mail escalada de privilegios	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2021-31864
2021-04-28	2.6	2.5	Redmine SysController/MailHandlerController divulgación de información	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2021-31866
2021-04-06	7.6	7.3	Redmine Issues API escalada de privilegios	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2021-30164