Launchpad CVE tracker

CVE 2019-18890

A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.

Related bugs and status

CVE-2019-18890 (Candidate) is related to these bugs:

Bug #1853063: SQL injection and Persistent XSS in textile formatting

		In	Importance	Status
1853063	SQL injection and Persistent XSS in textile formatting	redmine (Ubuntu)	Undecided	Fix Released
1853063	SQL injection and Persistent XSS in textile formatting	redmine (Ubuntu Xenial)	Undecided	Fix Released
1853063	SQL injection and Persistent XSS in textile formatting	redmine (Ubuntu Precise)	Undecided	Invalid
1853063	SQL injection and Persistent XSS in textile formatting	redmine (Ubuntu Trusty)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: https://security-track...
MISC: https://www.debian.org...
MISC: https://www.redmine.or...
UBUNTU: USN-4200-1
BUGTRAQ: 20191119 [SECURITY] [D...
DEBIAN: DSA-4574
MISC: https://github.com/Rea...

Launchpad.net

CVE 2019-18890

Related bugs and status

Related bugs

References