← back
CVE-2022-44030

CVE-2022-44030

CVSS 7.5 HIGHEPSS 0.6%CWE-755
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
06 Dec 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.redmine.org/news/139https://www.redmine.org/projects/redmine/wiki/Security_Advisories