5.3

CVE-2015-8346

EPSS 0.47%
Published 12.04.2016 14:59:03
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.

Affected products Warnungen 0 Metrics 3 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Redmine ≫ Redmine Version <= 2.6.7

Redmine ≫ Redmine Version3.0.0

Redmine ≫ Redmine Version3.0.1

Redmine ≫ Redmine Version3.0.2

Redmine ≫ Redmine Version3.0.3

Redmine ≫ Redmine Version3.0.4

Redmine ≫ Redmine Version3.0.5

Redmine ≫ Redmine Version3.1.0

Redmine ≫ Redmine Version3.1.1

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.47%	0.616

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://www.debian.org/security/2016/dsa-3529

http://www.redmine.org/news/102

Patch

Vendor Advisory

https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c

https://www.redmine.org/issues/21150

https://nvd.nist.gov/vuln/detail/CVE-2015-8346

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8346

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8346

EUVD