← back
CVE-2015-8473

CVE-2015-8473

EPSS 1.7%
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22https://www.redmine.org/issues/21136https://www.redmine.org/projects/redmine/wiki/Changelog_3_0https://www.redmine.org/projects/redmine/wiki/Changelog_3_1https://www.redmine.org/versions/105http://www.debian.org/security/2016/dsa-3529http://www.securityfocus.com/bid/78621