CVE-2015-8473

MEDIUM

Redmine <2.6.8, <3.0.6, <3.1.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/78621
Patch, Vendor Advisory x_refsource_confirm
https://www.redmine.org/versions/105
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3529
Patch x_refsource_confirm
https://www.redmine.org/issues/21136

Scores

CVSS v3 4.3
EPSS 0.0172
EPSS Percentile 74.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (10)
debian/debian_linux 8.0
redmine/redmine 3.0.0
redmine/redmine 3.0.1
redmine/redmine 3.0.2
redmine/redmine 3.0.3
redmine/redmine 3.0.4
redmine/redmine 3.0.5
redmine/redmine 3.1.0
redmine/redmine 3.1.1
redmine/redmine < 2.6.7
Published Apr 12, 2016
Tracked Since Feb 18, 2026