The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2016-04-12 14:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-8473
Mitre link : CVE-2015-8473
CVE.ORG link : CVE-2015-8473
JSON object : View
Products Affected
redmine
- redmine
debian
- debian_linux
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor