Redmine prior to 4.0.8 and 4.1.x prior to 4.1.2 allows malicious users to bypass the add_issue_notes permission requirement by leveraging the Issues API.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redmine redmine |
||
debian debian linux 9.0 |