Описание
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-42326
- https://lists.debian.org/debian-lts-announce/2021/10/msg00013.html
- https://www.redmine.org/news/133
- https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10
- https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10
- https://www.redmine.org/projects/redmine/wiki/Security_Advisories
Связанные уязвимости
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of ...
Уязвимость веб-приложения для управления проектами и задачами Redmine, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным