CVE-2015-8473 — Sensitive Information Exposure in Redmine

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 35.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redmine Debian Redmine Debian Linux

Timeline

PublishedApr 12

Latest updateMay 17

Description

The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶debiandebian/redmine< redmine 3.2.0-1 (bookworm)

▶Debianredmine/redmine< 3.2.0-1+1

▶NVDredmine/redmine2.6.7+8

Also affects: Debian Linux 8.0

Patches

Patch: www.redmine.org ↗Patch: www.redmine.org ↗Patch: www.redmine.org ↗

🔴Vulnerability Details

GHSA

GHSA-4rg4-ccch-c88j: The Issues API in Redmine before 2↗2022-05-17

▶

OSV

CVE-2015-8473: The Issues API in Redmine before 2↗2016-04-12

▶

📋Vendor Advisories

Debian

CVE-2015-8473: redmine - The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1...↗2015

▶