Defect #43451: Type Confusion: Arbitrary GhostScript execution - Redmine

Actions

Copy link

Defect #43451

open

Type Confusion: Arbitrary GhostScript execution

Added by Go MAEDA about 19 hours ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Security

Target version:

Start date:

Due date:

% Done:

Estimated time:

Resolution:

Affected version:

Description

Date: Fri, 24 Oct 2025 13:04:02 +0000
To: "security@redmine.org" <security@redmine.org>
From: Elweth <elweth@protonmail.com>
Subject: Responsible disclosure - Type Confusion: Arbitrary GhostScript execution
Message-ID: <XiOgCZofoVr8a8v6dhjg6T5yQXj69k5JZJao6gneTtaIyx6vXQo7sBtAEAF0FK-5utnEaOTXRvnImGjg4E1Es0vpoZ9zcYaJ_BB7mzvgUHE=@protonmail.com>

Hello,

I'm Elweth, cybersecurity researcher and bug bounty hunter on YesWeHack (https://yeswehack.com/hunters/elweth)

I've previously contacted you few months ago to share with you a vulnerability on Redmine about a XSS vulnerability, and today I reach you to send you my new discovery on your tool, about a type confusion.

Please see the attached document for more details.

I remain at your disposal should you require any further information.

Regards
Elweth

Files

Vulnerability Report - Redmine.pdf (632 KB) Vulnerability Report - Redmine.pdf

Go MAEDA, 2025-11-08 09:19

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Defect #43451

Type Confusion: Arbitrary GhostScript execution