Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Redmine | Redmine | * | 4.0.9 (excluding) |
Redmine | Redmine | 4.1.0 (including) | 4.1.3 (excluding) |
Redmine | Redmine | 4.2.0 (including) | 4.2.1 (excluding) |
Redmine | Ubuntu | bionic | * |
Redmine | Ubuntu | groovy | * |
Redmine | Ubuntu | kinetic | * |
Redmine | Ubuntu | lunar | * |
Redmine | Ubuntu | mantic | * |
Redmine | Ubuntu | trusty | * |
Redmine | Ubuntu | xenial | * |