CVE-2015-8473

The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-04-12 14:59

Updated : 2024-02-04 18:53


NVD link : CVE-2015-8473

Mitre link : CVE-2015-8473

CVE.ORG link : CVE-2015-8473


JSON object : View

Products Affected

redmine

  • redmine

debian

  • debian_linux
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor