CVE-2015-8537

MEDIUM

Redmine <2.6.9, <3.0.7, <3.1.3 - Info Disclosure

Title source: llm

Description

app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.

References (3)

[Patch, Vendor Advisory] http://www.redmine.org/news/103

[Patch] https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3529

Scores

CVSS v3 5.3

EPSS 0.0046

EPSS Percentile 64.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (12)

debian/debian_linux

redmine/redmine < 2.6.8

redmine/redmine

Timeline

Published Apr 12, 2016

Tracked Since Feb 18, 2026