3 matches found
Debian DSA-4191-1 : redmine - security update
Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
CVE-2017-16804
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages...
CVE-2017-16804
CVE-2017-16804 affects Redmine before 3.2.7 and 3.3.x before 3.3.4. The vulnerability lies in the reminders function (app/models/mailer.rb) which does not verify issue visibility, allowing remote authenticated users to disclose sensitive information by reading e-mail reminder messages. Affected v...