Vulnerability Details : CVE-2015-8346
app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.
Products affected by CVE-2015-8346
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8346
- 0.47%: Probability of exploitation activity in the next 30 days
- ~ 62%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8346
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2015-8346
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8346
- https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c
  Fixed that time logging form may disclose subjects of issues that are… · redmine/redmine@c096dde · GitHub
- https://www.redmine.org/issues/21150
  Redmine
- http://www.redmine.org/news/102
  Redmine 3.1.2, 3.0.6 and 2.6.8 released - Redmine (Patch; Vendor Advisory)
- http://www.debian.org/security/2016/dsa-3529
  Debian -- Security Information -- DSA-3529-1 redmine