Redmine · Redmine · CVE-2015-8473
**Name of the Vulnerable Software and Affected Versions**
Redmine versions prior to 2.6.8
Redmine versions 3.0.x prior to 3.0.6
Redmine versions 3.1.x prior to 3.1.2
**Description**
The issue allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
**Recommendations**
For versions prior to 2.6.8, update to version 2.6.8 or later.
For versions 3.0.x prior to 3.0.6, update to version 3.0.6 or later.
For versions 3.1.x prior to 3.1.2, update to version 3.1.2 or later.