Home > Vulnerability Database > CVE-2022-44030

Mend.io Vulnerability Database

CVE-2022-44030

Good to know:

Date: December 6, 2022

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.

Language: Ruby

Severity Score

7.5

Related Resources (5)

Url: https://security-tracker.debian.org/tracker/CVE-2022-44030

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-44030

Url: https://www.redmine.org/projects/redmine/wiki/Security_Advisories

Url: https://www.redmine.org/news/139

Url: https://www.mend.io/vulnerability-database/CVE-2022-44030

Severity Score

7.5

Weakness Type (CWE)

Improper Handling of Exceptional Conditions

CWE-755

Top Fix

Upgrade Version

Upgrade to version 5.0.4

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-44030

Good to know:

Date: December 6, 2022

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?