Unrated severityNVD Advisory· Published Apr 28, 2021· Updated Aug 3, 2024
CVE-2021-31866
CVE-2021-31866
Description
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Redmine/Redminedescription
Patches
Vulnerability mechanics
References
3- lists.debian.org/debian-lts-announce/2021/05/msg00013.htmlmitremailing-listx_refsource_MLIST
- www.redmine.org/news/131mitrex_refsource_MISC
- www.redmine.org/projects/redmine/wiki/Security_Advisoriesmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.