Arbitrary File Read Vulnerability in Redmine Git Repository Integration

Arbitrary File Read Vulnerability in Redmine Git Repository Integration

CVE-2021-31863 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.

Learn more about our Cis Benchmark Audit For Server Software.