4.3

CVE-2015-8473

The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version8.0
RedmineRedmine Version <= 2.6.7
RedmineRedmine Version3.0.0
RedmineRedmine Version3.0.1
RedmineRedmine Version3.0.2
RedmineRedmine Version3.0.3
RedmineRedmine Version3.0.4
RedmineRedmine Version3.0.5
RedmineRedmine Version3.1.0
RedmineRedmine Version3.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.72% 0.745
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.debian.org/security/2016/dsa-3529
http://www.securityfocus.com/bid/78621
https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22
https://www.redmine.org/issues/21136
Patch
https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
Patch
https://www.redmine.org/projects/redmine/wiki/Changelog_3_1
Patch
https://www.redmine.org/versions/105
Patch
Vendor Advisory