{"id":"CVE-2021-42326","details":"Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.","aliases":["BIT-redmine-2021-42326"],"modified":"2026-04-11T12:38:10.832176Z","published":"2021-10-12T19:15:08.047Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00013.html"},{"type":"ADVISORY","url":"https://www.redmine.org/news/133"},{"type":"ADVISORY","url":"https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10"},{"type":"ADVISORY","url":"https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10"},{"type":"FIX","url":"https://www.redmine.org/projects/redmine/wiki/Security_Advisories"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redmine/redmine","events":[{"introduced":"0"},{"fixed":"d40ee534f202f88829a1ea42206dfc504656a2e2"},{"introduced":"47d3615a0b2a1d8c9db3d90a0c836e1d24f036a6"},{"fixed":"9f7103277263d61708e6d7250d324703f26687ab"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"4.1.5"},{"introduced":"4.2.0"},{"fixed":"4.2.3"}],"cpe":"cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-42326.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}