In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a projects settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Redmine | Redmine | * | 3.2.5 (including) |
Redmine | Redmine | 3.3.0 (including) | 3.3.0 (including) |
Redmine | Redmine | 3.3.1 (including) | 3.3.1 (including) |
Redmine | Redmine | 3.3.2 (including) | 3.3.2 (including) |