5.3

CVE-2015-8346

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedmineRedmine Version <= 2.6.7
RedmineRedmine Version3.0.0
RedmineRedmine Version3.0.1
RedmineRedmine Version3.0.2
RedmineRedmine Version3.0.3
RedmineRedmine Version3.0.4
RedmineRedmine Version3.0.5
RedmineRedmine Version3.1.0
RedmineRedmine Version3.1.1
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.93% 0.774
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.debian.org/security/2016/dsa-3529
http://www.redmine.org/news/102
Patch
Vendor Advisory
https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c
https://www.redmine.org/issues/21150