In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "redmine", "binary_version": "3.4.2-1" }, { "binary_name": "redmine-mysql", "binary_version": "3.4.2-1" }, { "binary_name": "redmine-pgsql", "binary_version": "3.4.2-1" }, { "binary_name": "redmine-sqlite", "binary_version": "3.4.2-1" } ] }