4 matches found
SUSE CVE-2017-15572
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information password reset tokens by reading a Referer log, because account/lostpassword does not use a redirect...
Debian DSA-4191-1 : redmine - security update
Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
CVE-2017-15572
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information password reset tokens by reading a Referer log, because account/lostpassword does not use a redirect...
CVE-2017-15572
Vulnerability overview (CVE-2017-15572): Redmine before 3.2.6 and 3.3.x before 3.3.3 exposes password reset tokens via an information disclosure in the account/lost_password flow, because the redirect is not used and Referer logs can leak tokens. Affected software: Redmine web application; vulner...