4.2.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

redmine

CWE-613

NVD

Published: 2021-08-05

Updated: 2021-08-12

Summary

Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.

Vulnerable Configurations

Part	Description	Count
Application	Redmine Redmine Redmine 4.2.0 Redmine Redmine 4.2.1	2

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://www.redmine.org/news/132