====================================================================

                             CERT-Renater

                 Note d'Information No. 2019/VULN370

_____________________________________________________________________

DATE                : 26/11/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Redmine versions prior to 3.3.10.

=====================================================================
https://www.redmine.org/news/125
_____________________________________________________________________

Redmine 3.3.10 release (incl. security fix)

Ajouté par Jean-Philippe Lang il y a 8 jours

A critical security vulnerability has been discovered in Redmine 3.3.x
and all prior releases. This vulnerability could be used to read
sensitive data from the database. Although the 3.3.x branch was no
longer maintained, Redmine 3.3.10 was released today in order to fix
this vulnerability. If you are using Redmine <= 3.3.9, you should
upgrade as soon as possible (download).

Thank you to Holger Just from www.plan.io for reporting this vulnerability.

Redmine 3.4.x and 4.0.x are not affected by this vulnerability.



=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================