Vulnerabilities > CVE-2022-44030 - Improper Handling of Exceptional Conditions vulnerability in Redmine

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
redmine
CWE-755

Summary

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.

Vulnerable Configurations

Part Description Count
Application
Redmine
4