CVE-2015-8473

Name of the Vulnerable Software and Affected Versions Redmine versions prior to 2.6.8 Redmine versions 3.0.x prior to 3.0.6 Redmine versions 3.1.x prior to 3.1.2

Description The issue allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.

Recommendations For versions prior to 2.6.8, update to version 2.6.8 or later. For versions 3.0.x prior to 3.0.6, update to version 3.0.6 or later. For versions 3.1.x prior to 3.1.2, update to version 3.1.2 or later.