CVE Vulnerabilities

CVE-2022-44030

Improper Handling of Exceptional Conditions

Published: Dec 06, 2022 | Modified: Apr 23, 2025
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
root.io minimus.io echohq.com

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.

Weakness

The product does not handle or incorrectly handles an exceptional condition.

Affected Software

Name Vendor Start Version End Version
Redmine Redmine 5.0.0 (including) 5.0.3 (including)
Redmine Ubuntu bionic *
Redmine Ubuntu focal *
Redmine Ubuntu kinetic *
Redmine Ubuntu lunar *
Redmine Ubuntu mantic *
Redmine Ubuntu trusty *
Redmine Ubuntu xenial *

References