Redmine prior to 4.0.8 and 4.1.x prior to 4.1.2 allows malicious users to discover the names of private projects if issue-journal details exist that have changes to project_id values.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redmine redmine |
||
debian debian linux 9.0 |