CVE-2015-8473

Sažetak

The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.

Reference

http://www.debian.org/security/2016/dsa-3529
http://www.securityfocus.com/bid/78621
https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22
https://www.redmine.org/issues/21136
https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
https://www.redmine.org/projects/redmine/wiki/Changelog_3_1
https://www.redmine.org/versions/105

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

20-04-2016 - 19:26

Objavljeno

12-04-2016 - 14:59