Redmine 5.x before 5.0.4 allows downloading of file...
High severity
Unreviewed
Published
Dec 7, 2022
to the GitHub Advisory Database
•
Updated Feb 2, 2023
Description
Published by the National Vulnerability Database
Dec 6, 2022
Published to the GitHub Advisory Database
Dec 7, 2022
Last updated
Feb 2, 2023
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
References