Redmine DMSF Plugin provided by Kontron contains a path traversal vulnerability (CWE-22).
When the affected version of the plugin is enabled on the Redmine instance, the logged-in user may obtain or delete arbitrary files on the server (within the privilege of the Redmine process).
Update the Software
Update the software to the latest version according to the information provided by the developer.
Version 3.1.4 has addressed this vulnerability.