2 matches found
Wagtail vulnerable to disclosure of user names via admin bulk action views
Impact A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user...
CVE-2021-42326
CVE-2021-42326 affects Redmine prior to 4.1.5 and 4.2.x prior to 4.2.3, where an insufficient access filter on activity views may disclose usernames. The root cause is inadequate access control in activity views, enabling information disclosure. Affected products are Redmine (project management/w...