Redmine · Redmine · CVE-2021-42326
**Name of the Vulnerable Software and Affected Versions**
Redmine versions 4.1.5 and earlier
Redmine versions 4.2.x before 4.2.3
**Description**
The issue is related to an insufficient access filter, which may disclose the names of users on activity views. This allows a remote attacker to access confidential data.
**Recommendations**
For Redmine versions 4.1.5 and earlier, update to version 4.1.5 or later.
For Redmine versions 4.2.x before 4.2.3, update to version 4.2.3 or later.