NuytsTech Security

CVE-2015-8346

by ·

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.

Date published : 2016-04-12

http://www.redmine.org/news/102

https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c

Tags: