CVE-2015-8473
N/A
N/A
Summary
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/78621
- https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
- https://www.redmine.org/issues/21136
- https://www.redmine.org/versions/105
- https://www.redmine.org/projects/redmine/wiki/Changelog_3_1
- http://www.debian.org/security/2016/dsa-3529
- https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22
References
- http://www.securityfocus.com/bid/78621
- https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
- https://www.redmine.org/issues/21136
- https://www.redmine.org/versions/105
- https://www.redmine.org/projects/redmine/wiki/Changelog_3_1
- http://www.debian.org/security/2016/dsa-3529
- https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.