VDB
CVE-2021-42326
CVE-2021-42326
PUBLISHED
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
EPSS 0.51% · 66.6th percentile
Risk Scores
EPSS Score
0.51%
66.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | redmine | 0, 4.2.0 |
| Bitnami | redmine | 0, 4.2.0 |
Timeline
- Oct 12, 2021 CVE Published
- Oct 13, 2021 EPSS Score
- Dec 9, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 3, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 27, 2022 EPSS Score
- Jul 24, 2022 EPSS Score
- Nov 14, 2022 EPSS Score
- Jan 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://lists.debian.org/debian-lts-announce/2021/10/msg00013.html url
- https://www.redmine.org/news/133 url
- https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10 url
- https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10 url
- https://www.redmine.org/projects/redmine/wiki/Security_Advisories url
- https://nvd.nist.gov/vuln/detail/CVE-2021-42326 url