CVE Vulnerabilities

CVE-2015-8346

Published: Apr 12, 2016 | Modified: Apr 20, 2016
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.

Affected Software

Name Vendor Start Version End Version
Redmine Redmine 3.0.2 3.0.2
Redmine Redmine 3.0.5 3.0.5
Redmine Redmine 3.0.3 3.0.3
Redmine Redmine 3.0.4 3.0.4
Redmine Redmine 3.1.1 3.1.1
Redmine Redmine * 2.6.7
Redmine Redmine 3.0.1 3.0.1
Redmine Redmine 3.0.0 3.0.0
Redmine Redmine 3.1.0 3.1.0

References