Linux Distros Unpatched Vulnerability : CVE-2021-42326

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. CVE-2021-42326 Note that...

CVE-2021-42326

Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter...

Debian DLA-2787-1 : redmine - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2787 advisory. Redmine, a project management web application, may disclose the names of users on activity views due to an insufficient access filter. An attacker may infer information of...

[SECURITY] [DLA 2787-1] redmine security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2787-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler October 18, 2021 https://wiki.debian.org/LTS -...

CVE-2021-42326

creationtimestamp| type| source ---|---|--- 2021-10-12 22:25:46+00:00| seen| https://t.me/cibsecurity/30446...

CVE-2021-42326

CVE-2021-42326 affects Redmine prior to 4.1.5 and 4.2.x prior to 4.2.3, where an insufficient access filter on activity views may disclose usernames. The root cause is inadequate access control in activity views, enabling information disclosure. Affected products are Redmine (project management/w...