app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Redmine | Redmine | 3.0.2 | 3.0.2 |
Redmine | Redmine | 3.0.5 | 3.0.5 |
Redmine | Redmine | 3.0.3 | 3.0.3 |
Redmine | Redmine | 3.0.4 | 3.0.4 |
Redmine | Redmine | 3.1.1 | 3.1.1 |
Redmine | Redmine | * | 2.6.7 |
Redmine | Redmine | 3.0.1 | 3.0.1 |
Redmine | Redmine | 3.0.0 | 3.0.0 |
Redmine | Redmine | 3.1.0 | 3.1.0 |