CVE-2015-8346

Severity: Medium

Description

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.

References

https://www.redmine.org/issues/21150

https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c

http://www.redmine.org/news/102

http://www.debian.org/security/2016/dsa-3529

Details

Source: Mitre, NVD

Published: 2016-04-12

Updated: 2016-04-20

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium