Launchpad.net

CVE 2015-8537

app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.

See the CVE page on Mitre.org for more details.

References