8 vulnerabilities found for Redmine by Redmine
CERTFR-2026-AVI-0306
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Redmine. They allow an attacker to cause remote indirect code injection (XSS), a security policy bypass, and a security issue not specified by the vendor.
Solutions
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Redmine versions ant\u00e9rieures \u00e0 5.1.12",
"product": {
"name": "Redmine",
"vendor": {
"name": "Redmine",
"scada": false
}
}
},
{
"description": "Redmine versions 6.0.x ant\u00e9rieures \u00e0 6.0.9",
"product": {
"name": "Redmine",
"vendor": {
"name": "Redmine",
"scada": false
}
}
},
{
"description": "Redmine versions 6.1.x ant\u00e9rieures \u00e0 6.1.2",
"product": {
"name": "Redmine",
"vendor": {
"name": "Redmine",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2026-03-17T00:00:00",
"last_revision_date": "2026-03-17T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0306",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Redmine. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS), un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Redmine",
"vendor_advisories": [
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Redmine security_advisories",
"url": "https://www.redmine.org/projects/redmine/wiki/security_advisories"
}
]
}
jvndb-2023-000116
Vulnerability from jvndb
Published
2023-11-17 14:32
Modified
2024-05-09 17:55
Summary
Redmine vulnerable to cross-site scripting
Details
Redmine contains a cross-site scripting vulnerability (CWE-79) due to improper character string processing.
Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000116.html",
"dc:date": "2024-05-09T17:55+09:00",
"dcterms:issued": "2023-11-17T14:32+09:00",
"dcterms:modified": "2024-05-09T17:55+09:00",
"description": "Redmine contains a cross-site scripting vulnerability (CWE-79) due to improper character string processing.\r\n\r\nShiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000116.html",
"sec:cpe": {
"#text": "cpe:/a:redmine:redmine",
"@product": "Redmine",
"@vendor": "Redmine",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000116",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN13618065/index.html",
"@id": "JVN#13618065",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-47259",
"@id": "CVE-2023-47259",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47259",
"@id": "CVE-2023-47259",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Redmine vulnerable to cross-site scripting"
}
jvndb-2022-000096
Vulnerability from jvndb
Published
2022-12-13 14:05
Modified
2024-06-03 16:47
Summary
Redmine vulnerable to cross-site scripting
Details
Redmine contains a cross-site scripting vulnerability (CWE-79) caused by improper Textile processing.
Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000096.html",
"dc:date": "2024-06-03T16:47+09:00",
"dcterms:issued": "2022-12-13T14:05+09:00",
"dcterms:modified": "2024-06-03T16:47+09:00",
"description": "Redmine contains a cross-site scripting vulnerability (CWE-79) caused by improper Textile processing.\r\n\r\nShiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000096.html",
"sec:cpe": {
"#text": "cpe:/a:redmine:redmine",
"@product": "Redmine",
"@vendor": "Redmine",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000096",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN60211811/index.html",
"@id": "JVN#60211811",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-44637",
"@id": "CVE-2022-44637",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-44637",
"@id": "CVE-2022-44637",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Redmine vulnerable to cross-site scripting"
}
jvndb-2014-000041
Vulnerability from jvndb
Published
2014-04-16 15:06
Modified
2014-04-16 15:06
Summary
Redmine vulnerable to open redirect
Details
Redmine is project management software. Redmine contains an open redirect vulnerability due to insufficient checking of the URL parameter.
Minoru Sakai of SCSK Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000041.html",
"dc:date": "2014-04-16T15:06+09:00",
"dcterms:issued": "2014-04-16T15:06+09:00",
"dcterms:modified": "2014-04-16T15:06+09:00",
"description": "Redmine is a project management software. Redmine contains an open redirect vulnerability due to insufficient checking of the URL parameter.\r\n\r\nMinoru Sakai of SCSK Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000041.html",
"sec:cpe": {
"#text": "cpe:/a:redmine:redmine",
"@product": "Redmine",
"@vendor": "Redmine",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000041",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN93004610/index.html",
"@id": "JVN#93004610",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1985",
"@id": "CVE-2014-1985",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1985",
"@id": "CVE-2014-1985",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Redmine vulnerable to open redirect"
}
jvndb-2012-000025
Vulnerability from jvndb
Published
2012-03-13 13:39
Modified
2012-03-13 13:39
Summary
Redmine vulnerable to cross-site scripting
Details
Redmine contains a cross-site scripting vulnerability.
Redmine is project management software. Redmine contains a cross-site scripting vulnerability.
Kousuke Ebihara reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000025.html",
"dc:date": "2012-03-13T13:39+09:00",
"dcterms:issued": "2012-03-13T13:39+09:00",
"dcterms:modified": "2012-03-13T13:39+09:00",
"description": "Redmine contains a cross-site scripting vulnerability.\r\n\r\nRedmine is a project management software. Redmine contains a cross-site scripting vulnerability.\r\n\r\nKousuke Ebihara reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000025.html",
"sec:cpe": {
"#text": "cpe:/a:redmine:redmine",
"@product": "Redmine",
"@vendor": "Redmine",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000025",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN93406632/index.html",
"@id": "JVN#93406632",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0327",
"@id": "CVE-2012-0327",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0327",
"@id": "CVE-2012-0327",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Redmine vulnerable to cross-site scripting"
}
jvndb-2009-000073
Vulnerability from jvndb
Published
2009-11-19 15:45
Modified
2009-11-19 15:45
Summary
Redmine vulnerable to cross-site scripting
Details
Redmine contains a cross-site scripting vulnerability.
Redmine is project management software. Redmine contains a cross-site scripting vulnerability.
Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000073.html",
"dc:date": "2009-11-19T15:45+09:00",
"dcterms:issued": "2009-11-19T15:45+09:00",
"dcterms:modified": "2009-11-19T15:45+09:00",
"description": "Redmine contains a cross-site scripting vulnerability.\r\n\r\nRedmine is a project management software. Redmine contains a cross-site scripting vulnerability.\r\n\r\nYoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000073.html",
"sec:cpe": {
"#text": "cpe:/a:redmine:redmine",
"@product": "Redmine",
"@vendor": "Redmine",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000073",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN01245481/index.html",
"@id": "JVN#01245481",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4078",
"@id": "CVE-2009-4078",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4078",
"@id": "CVE-2009-4078",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/37420",
"@id": "SA37420",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/37066",
"@id": "37066",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/54333",
"@id": "54333",
"@source": "XF"
},
{
"#text": "http://www.vupen.com/english/advisories/2009/3291",
"@id": "VUPEN/ADV-2009-3291",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Redmine vulnerable to cross-site scripting"
}
jvndb-2009-000074
Vulnerability from jvndb
Published
2009-11-19 15:45
Modified
2009-11-19 15:45
Summary
Redmine vulnerable to cross-site request forgery
Details
Redmine contains a cross-site request forgery vulnerability.
Redmine is project management software. Redmine contains a cross-site request forgery vulnerability.
Yoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000074.html",
"dc:date": "2009-11-19T15:45+09:00",
"dcterms:issued": "2009-11-19T15:45+09:00",
"dcterms:modified": "2009-11-19T15:45+09:00",
"description": "Redmine contains a cross-site request forgery vulnerability.\r\n\r\nRedmine is a project management software. Redmine contains a cross-site request forgery vulnerability.\r\n\r\nYoshinari Fukumoto of Rakuten, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000074.html",
"sec:cpe": {
"#text": "cpe:/a:redmine:redmine",
"@product": "Redmine",
"@vendor": "Redmine",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000074",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN87341298/index.html",
"@id": "JVN#87341298",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4079",
"@id": "CVE-2009-4079",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4079",
"@id": "CVE-2009-4079",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/37420",
"@id": "SA37420",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/37066",
"@id": "37066",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/54334",
"@id": "54334",
"@source": "XF"
},
{
"#text": "http://www.vupen.com/english/advisories/2009/3291",
"@id": "VUPEN/ADV-2009-3291",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Redmine vulnerable to cross-site request forgery"
}
jvndb-2008-000038
Vulnerability from jvndb
Published
2008-07-08 12:15
Modified
2008-07-08 12:15
Summary
Redmine vulnerable to cross-site scripting
Details
Redmine, open source project management software, contains a cross-site scripting vulnerability.
Redmine is open source project management software written with the Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability.
Toshiharu Sugiyama of UBsecure, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000038.html",
"dc:date": "2008-07-08T12:15+09:00",
"dcterms:issued": "2008-07-08T12:15+09:00",
"dcterms:modified": "2008-07-08T12:15+09:00",
"description": "Redmine, open source project management software, contains a cross-site scripting vulnerbility.\r\n\r\nRedmine is open source project management software written by Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability.\r\n\r\nToshiharu Sugiyama of UBsecure, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000038.html",
"sec:cpe": {
"#text": "cpe:/a:redmine:redmine",
"@product": "Redmine",
"@vendor": "Redmine",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000038",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN00945448/index.html",
"@id": "JVN#00945448",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4481",
"@id": "CVE-2008-4481",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4481",
"@id": "CVE-2008-4481",
"@source": "NVD"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000038.html",
"@id": "JVNDB-2008-000038",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Redmine vulnerable to cross-site scripting"
}