2017-10-18 02:00:00
mitre
PUBLISHED
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a projects settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.