Unrated severityNVD Advisory· Published Apr 6, 2021· Updated Aug 4, 2024

CVE-2020-36308

Description

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.

Affected products

Redmine/Redminedescription
osv-coords
pkg:bitnami/redmine
Range: < 4.0.7

Patches

e1a783af455a

tagged version 4.1.1

https://github.com/redmine/redmineJean-Philippe LangApr 6, 2020via osv

commit

5a5692ebc935

tagged version 4.0.7

https://github.com/redmine/redmineJean-Philippe LangApr 6, 2020via osv

commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

lists.debian.org/debian-lts-announce/2021/05/msg00013.htmlmitremailing-listx_refsource_MLIST
www.redmine.org/projects/redmine/wiki/Security_Advisoriesmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000