Redmine prior to 4.0.9, 4.1.x prior to 4.1.3, and 4.2.x prior to 4.2.1 allows malicious users to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redmine redmine |
||
debian debian linux 9.0 |