CVE-2015-8346

Description

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.

References

http://www.debian.org/security/2016/dsa-3529

http://www.redmine.org/news/102

https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c

https://www.redmine.org/issues/21150

Details

Source: MITRE

Published: 2016-04-12

Updated: 2016-04-20

Type: CWE-199

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM