Arbitrary File Read Vulnerability in Redmine Git Repository Integration
CVE-2021-31863 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.
Learn more about our Cis Benchmark Audit For Server Software.