Published: 2024/05/29  Last Updated: 2024/05/29
JVN#22182715
Redmine DMSF Plugin vulnerable to path traversal
Overview
Redmine DMSF Plugin provided by Kontron contains a path traversal vulnerability.
Products Affected
- Redmine DMSF Plugin versions prior to 3.1.4
Description
Redmine DMSF Plugin provided by Kontron contains a path traversal vulnerability (CWE-22).
Impact
When the affected version of the plugin is enabled on the Redmine instance, the logged-in user may obtain or delete arbitrary files on the server (within the privilege of the Redmine process).
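The advisory identifies the weakness class only (CWE-22) and does not describe the plugin's affected code path. As an added, generic illustration of the defensive check that this class of issue calls for (example code written here, not the DMSF plugin's own code; the storage root and file names are constructed), the function below resolves a user-supplied relative path against a fixed root and accepts it only if the normalized result stays inside that root:

```ruby
require "pathname"

# Constructed example root; a hypothetical document store, not the DMSF
# plugin's real layout.
STORAGE_ROOT = "/var/lib/redmine/dmsf"

# Resolve +user_path+ against +root+ and return the absolute, lexically
# normalized path if it lies within the root; return nil otherwise.
# Rejects: embedded NUL bytes, absolute input (File.join would otherwise
# silently keep the root prefix but the intent is ambiguous), and any
# "." / ".." sequence that escapes the root after normalization.
def resolve_within_root(root, user_path)
  return nil if user_path.nil? || user_path.include?("\0")

  root_p = Pathname.new(root).cleanpath
  return nil if Pathname.new(user_path).absolute?

  # Lexical normalization: collapses "." and ".." without touching the filesystem.
  full = Pathname.new(File.join(root_p.to_s, user_path)).cleanpath

  inside = full == root_p || full.to_s.start_with?(root_p.to_s + File::SEPARATOR)
  inside ? full.to_s : nil
end

# Classify a batch of candidate paths so the accept/reject decision can be
# audited or logged; returns { accepted: [...], rejected: [...] }.
def classify_paths(root, candidates)
  result = { accepted: [], rejected: [] }
  candidates.each do |c|
    resolved = resolve_within_root(root, c)
    resolved ? result[:accepted] << resolved : result[:rejected] << c
  end
  result
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: two benign relative names, three escape attempts.
  samples = ["docs/report.pdf", "docs/./sub/../file.txt",
             "../../outside.txt", "/absolute/elsewhere.txt", "a\0b"]
  pp classify_paths(STORAGE_ROOT, samples)
end
```

The check is purely lexical, which is what makes it safe to run before the file exists (uploads, deletions by name). When symbolic links inside the root are a concern, apply `File.realpath` to an existing target as a second step and repeat the same containment comparison on the result.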
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
Version 3.1.4 has addressed this vulnerability.
Vendor Status
Vendor | Link |
---|---|
Kontron | GitHub Redmine DMSF Plugin |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score: 8.8

Metric | Value |
---|---|
Attack Vector (AV) | Network (N) |
Attack Complexity (AC) | Low (L) |
Privileges Required (PR) | Low (L) |
User Interaction (UI) | None (N) |
Scope (S) | Unchanged (U) |
Confidentiality Impact (C) | High (H) |
Integrity Impact (I) | High (H) |
Availability Impact (A) | High (H) |
Credit
Tsukuba Secure Network Research Co. Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
Item | Value |
---|---|
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2024-36267 |
JVN iPedia | JVNDB-2024-000055 |