5.3

CVE-2015-8346

EPSS 0.47%
Veröffentlicht 12.04.2016 14:59:03
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redmine ≫ Redmine Version <= 2.6.7

Redmine ≫ Redmine Version3.0.0

Redmine ≫ Redmine Version3.0.1

Redmine ≫ Redmine Version3.0.2

Redmine ≫ Redmine Version3.0.3

Redmine ≫ Redmine Version3.0.4

Redmine ≫ Redmine Version3.0.5

Redmine ≫ Redmine Version3.1.0

Redmine ≫ Redmine Version3.1.1

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.47%	0.616

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://www.debian.org/security/2016/dsa-3529

http://www.redmine.org/news/102

Patch

Vendor Advisory

https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c

https://www.redmine.org/issues/21150

https://nvd.nist.gov/vuln/detail/CVE-2015-8346

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8346

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8346

EUVD