Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.
{ "ubuntu_priority": "medium", "binaries": [ { "binary_version": "3.4.2-1", "binary_name": "redmine" }, { "binary_version": "3.4.2-1", "binary_name": "redmine-mysql" }, { "binary_version": "3.4.2-1", "binary_name": "redmine-pgsql" }, { "binary_version": "3.4.2-1", "binary_name": "redmine-sqlite" } ], "availability": "No subscription required" }