Vulnerabilities > Redmine > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2022-12-06 | CVE-2022-44030 | Improper Handling of Exceptional Conditions vulnerability in Redmine | Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. | network | low complexity | redmine CWE-755 | 7.5 |
| 2021-04-06 | CVE-2021-30164 | | Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. | network | low complexity | redmine debian | 7.5 |
| 2017-10-18 | CVE-2017-15575 | | In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact. | network | low complexity | redmine debian | 7.5 |
| 2014-12-28 | CVE-2013-4663 | Command Injection vulnerability in Redmine GIT Hosting Plugin | git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function. | network | low complexity | redmine CWE-77 | 7.5 |
| 2012-10-08 | CVE-2011-4929 | Unspecified vulnerability in Redmine | Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors. | network | low complexity | redmine | 7.5 |