Описание
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| redmine | fixed | 3.2.0-1 | package | |
| redmine | not-affected | squeeze | package | |
| redmine | end-of-life | wheezy | package |
Примечания
https://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://www.redmine.org/issues/21419 (private)
https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56
upstream fixed in 2.6.9, 3.0.6 and 3.1.3
https://www.openwall.com/lists/oss-security/2015/12/08/8
Связанные уязвимости
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.