CVE-2021-42326 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
Redmine before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
Group Package Affected Fixed Severity Status Ticket
AVG-2462 redmine 4.2.2-2 4.2.3-1 Medium Fixed FS#72728
References
https://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://www.redmine.org/issues/35789
https://github.com/redmine/redmine/commit/3fd9787e43f7092490e7f0ce36900bbeafd4921b