Improper access control

2021-10-1219:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.

CPENameOperatorVersion
debian_linuxeq9.0
redminelt4.1.5
redminege4.2.0
redminelt4.2.3

References

lists.debian.org/debian-lts-announce/2021/10/msg00013.html

www.redmine.org/news/133

www.redmine.org/projects/redmine/wiki/Changelog_4_1

www.redmine.org/projects/redmine/wiki/Changelog_4_2

www.redmine.org/projects/redmine/wiki/Security_Advisories