CVE-2017-15577Sensitive Information Exposure in Redmine

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 32.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
RedmineDebian RedmineDebian Linux
Timeline
PublishedOct 18
Latest updateMay 14

Description

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/redmine< redmine 3.4.2-1 (bookworm)
Debianredmine/redmine< 3.4.2-1+1
NVDredmine/redmine3.2.5+3

Also affects: Debian Linux 9.0

Patches

Patch: www.redmine.orgPatch: www.redmine.org

🔴Vulnerability Details

2
GHSA
GHSA-f87p-9hqc-9w9r: Redmine before 32022-05-14
OSV
CVE-2017-15577: Redmine before 32017-10-18

📋Vendor Advisories

1
Debian
CVE-2017-15577: redmine - Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki lin...2017