You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If one (say user A) adds another one (say user B) to the A's project, A is able to impersonate to B and disclose all projects where B is a member (in the project drop down)
Further, if B is a Redmine admin, A will be able to get to some admin pages.
Is it possible to fix this?
The text was updated successfully, but these errors were encountered:
Thank you for your plugin! It is very helpful.
Unfortunately it has a security issue:
Is it possible to fix this?
The text was updated successfully, but these errors were encountered: