CVE-2015-8537

MEDIUM

Redmine <2.6.9, <3.0.7, <3.1.3 - Info Disclosure

Title source: llm
STIX 2.1

Description

app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.redmine.org/news/103
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3529

Scores

CVSS v3 5.3
EPSS 0.0193
EPSS Percentile 77.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (12)
debian/debian_linux 8.0
redmine/redmine 3.0.0
redmine/redmine 3.0.1
redmine/redmine 3.0.2
redmine/redmine 3.0.3
redmine/redmine 3.0.4
redmine/redmine 3.0.5
redmine/redmine 3.0.6
redmine/redmine 3.1.0
redmine/redmine 3.1.1
... and 2 more
Published Apr 12, 2016
Tracked Since Feb 18, 2026