In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.
Max CVSS
4.3
EPSS Score
0.19%
Published
2017-11-13
Updated
2019-04-30
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.
Max CVSS
7.5
EPSS Score
0.35%
Published
2017-10-18
Updated
2019-03-14
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
Max CVSS
7.5
EPSS Score
0.35%
Published
2017-10-18
Updated
2019-03-14
3 vulnerabilities found