JVN#22182715: Redmine DMSF Plugin vulnerable to path traversal

Redmine DMSF Plugin provided by Kontron contains a path traversal vulnerability (CWE-22).

Impact

When the affected version of the plugin is enabled on the Redmine instance, the logged-in user may obtain or delete arbitrary files on the server (within the privilege of the Redmine process).

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.
Version 3.1.4 has addressed this vulnerability.

Products Affected

• Redmine DMSF Plugin versions prior to 3.1.4