BIT-redmine-2021-31866

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/redmine/BIT-redmine-2021-31866.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-redmine-2021-31866
Aliases
Published
2024-03-06T11:04:43.596Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.

Database specific
{
    "cpes": [
        "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / redmine

Package

Name
redmine
Purl
pkg:bitnami/redmine

Severity

  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.9
Introduced
4.1.0
Fixed
4.1.3