Описание
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 3.2.0-1 |
| bionic | not-affected | 3.2.0-1 |
| cosmic | not-affected | 3.2.0-1 |
| devel | not-affected | 3.2.0-1 |
| disco | not-affected | 3.2.0-1 |
| esm-apps/bionic | not-affected | 3.2.0-1 |
| esm-apps/xenial | not-affected | 3.2.0-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
Показывать по
4 Medium
CVSS2
4.3 Medium
CVSS3
Связанные уязвимости
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x ...
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
4 Medium
CVSS2
4.3 Medium
CVSS3