Description
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.
Affected Package
Related
{"id": "DEBIANCVE:CVE-2019-25026", "vendorId": null, "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2019-25026", "description": "Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.", "published": "2021-04-06T08:15:00", "modified": "2021-04-06T08:15:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, "href": "https://security-tracker.debian.org/tracker/CVE-2019-25026", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2019-25026"], "immutableFields": [], "lastseen": "2023-03-04T06:10:26", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-25026"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2658-1:9243D"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2658.NASL"]}, {"type": "osv", "idList": ["OSV:DLA-2658-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-25026"]}, {"type": "veracode", "idList": ["VERACODE:30451"]}]}, "score": {"value": 1.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2019-25026"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2658-1:9243D"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2019-25026/"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2658.NASL"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-25026"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-25026", "epss": "0.000770000", "percentile": "0.311840000", "modified": "2023-03-18"}], "vulnersScore": 1.5}, "_state": {"dependencies": 1677910268, "score": 1677910245, "epss": 1679165106}, "_internal": {"score_hash": "cbfd1e03068a06c33ce243ffb705df78"}, "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "redmine_5.0.4-5_all.deb", "packageVersion": "5.0.4-5", "operator": "lt", "status": "resolved", "packageName": "redmine"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "redmine_5.0.4-5_all.deb", "packageVersion": "5.0.4-5", "operator": "lt", "status": "resolved", "packageName": "redmine"}]}
{"ubuntucve": [{"lastseen": "2023-01-27T13:34:55", "description": "Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during\nTextile formatting.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-04-06T00:00:00", "type": "ubuntucve", "title": "CVE-2019-25026", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25026"], "modified": "2021-04-06T00:00:00", "id": "UB:CVE-2019-25026", "href": "https://ubuntu.com/security/CVE-2019-25026", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2023-02-09T14:46:29", "description": "Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-04-06T08:15:00", "type": "cve", "title": "CVE-2019-25026", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25026"], "modified": "2021-06-01T20:37:00", "cpe": ["cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2019-25026", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-25026", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}], "veracode": [{"lastseen": "2022-07-26T16:34:02", "description": "Redmine is mishandling markup data.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-05-16T10:24:35", "type": "veracode", "title": "Mishandled Markup Data", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25026"], "modified": "2021-06-01T23:14:20", "id": "VERACODE:30451", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30451/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2023-01-11T14:48:10", "description": "Several issues were found in Redmine, a project management web application, which could lead to cross-site scripting, information disclosure, and reading arbitrary files from the server.\n\nFor Debian 9 stretch, these problems have been fixed in version 3.3.1-4+deb9u4.\n\nWe recommend that you upgrade your redmine packages.\n\nFor the detailed security status of redmine please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/redmine\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-14T00:00:00", "type": "nessus", "title": "Debian DLA-2658-1 : redmine security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25026", "CVE-2020-36306", "CVE-2020-36307", "CVE-2020-36308", "CVE-2021-30163", "CVE-2021-30164", "CVE-2021-31863", "CVE-2021-31864", "CVE-2021-31865", "CVE-2021-31866"], "modified": "2021-05-18T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:redmine", "p-cpe:/a:debian:debian_linux:redmine-mysql", "p-cpe:/a:debian:debian_linux:redmine-pgsql", "p-cpe:/a:debian:debian_linux:redmine-sqlite", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2658.NASL", "href": "https://www.tenable.com/plugins/nessus/149492", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2658-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149492);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/18\");\n\n script_cve_id(\"CVE-2019-25026\", \"CVE-2020-36306\", \"CVE-2020-36307\", \"CVE-2020-36308\", \"CVE-2021-30163\", \"CVE-2021-30164\", \"CVE-2021-31863\", \"CVE-2021-31864\", \"CVE-2021-31865\", \"CVE-2021-31866\");\n\n script_name(english:\"Debian DLA-2658-1 : redmine security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several issues were found in Redmine, a project management web\napplication, which could lead to cross-site scripting, information\ndisclosure, and reading arbitrary files from the server.\n\nFor Debian 9 stretch, these problems have been fixed in version\n3.3.1-4+deb9u4.\n\nWe recommend that you upgrade your redmine packages.\n\nFor the detailed security status of redmine please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/redmine\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/redmine\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/redmine\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:redmine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:redmine-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:redmine-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:redmine-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"redmine\", reference:\"3.3.1-4+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"redmine-mysql\", reference:\"3.3.1-4+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"redmine-pgsql\", reference:\"3.3.1-4+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"redmine-sqlite\", reference:\"3.3.1-4+deb9u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2022-01-05T14:33:53", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2658-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nMay 13, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : redmine\nVersion : 3.3.1-4+deb9u4\nCVE ID : CVE-2019-25026 CVE-2020-36306 CVE-2020-36307 CVE-2020-36308\n CVE-2021-30163 CVE-2021-30164 CVE-2021-31863 CVE-2021-31864\n CVE-2021-31865 CVE-2021-31866\n\nSeveral issues were found in Redmine, a project management web application,\nwhich could lead to cross-site scripting, information disclosure, and reading\narbitrary files from the server.\n\nFor Debian 9 stretch, these problems have been fixed in version\n3.3.1-4+deb9u4.\n\nWe recommend that you upgrade your redmine packages.\n\nFor the detailed security status of redmine please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/redmine\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-13T08:43:51", "type": "debian", "title": "[SECURITY] [DLA 2658-1] redmine security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25026", "CVE-2020-36306", "CVE-2020-36307", "CVE-2020-36308", "CVE-2021-30163", "CVE-2021-30164", "CVE-2021-31863", "CVE-2021-31864", "CVE-2021-31865", "CVE-2021-31866"], "modified": "2021-05-13T08:43:51", "id": "DEBIAN:DLA-2658-1:9243D", "href": "https://lists.debian.org/debian-lts-announce/2021/05/msg00013.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:15:27", "description": "\nSeveral issues were found in Redmine, a project management web application,\nwhich could lead to cross-site scripting, information disclosure, and reading\narbitrary files from the server.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n3.3.1-4+deb9u4.\n\n\nWe recommend that you upgrade your redmine packages.\n\n\nFor the detailed security status of redmine please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/redmine>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-13T00:00:00", "type": "osv", "title": "redmine - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31863", "CVE-2021-31865", "CVE-2021-31864", "CVE-2020-36307", "CVE-2021-30163", "CVE-2020-36306", "CVE-2021-30164", "CVE-2021-31866", "CVE-2020-36308", "CVE-2019-25026"], "modified": "2022-07-21T05:53:44", "id": "OSV:DLA-2658-1", "href": "https://osv.dev/vulnerability/DLA-2658-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
CVE-2019-25026
