Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2021-31866

HistoryApr 28, 2021 - 7:15 a.m.

CVE-2021-31866

2021-04-2807:15:00

Debian Security Bug Tracker

security-tracker.debian.org

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

54.6%

JSON

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.

OSVersionArchitecturePackageVersionFilename
Debian12allredmine< 5.0.0-1redmine_5.0.0-1_all.deb
Debian999allredmine< 5.0.0-1redmine_5.0.0-1_all.deb

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

54.6%

JSON

Related for DEBIANCVE:CVE-2021-31866

veracode1 cve1 osv3 prion1 ubuntucve1 archlinux1 nessus1 debian1

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	redmine	< 5.0.0-1	redmine_5.0.0-1_all.deb
Debian	999	all	redmine	< 5.0.0-1	redmine_5.0.0-1_all.deb