CVE-2015-8346
redmine - security update
5.3
MEDIUM
CVSS 3.1
EPSS 0.46%
Description
app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.
How to fix CVE-2015-8346
To remediate CVE-2015-8346, upgrade the affected package to a fixed version below.
- Debian/redmine—upgrade to 3.2.0-1 or later
- —upgrade to 1.0.1-2+deb6u11 or later
- —upgrade to 3.0~20140825-8~deb8u2 or later
Is CVE-2015-8346 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 3.2.0-1
- from 0, < 1.0.1-2+deb6u11
- from 0, < 3.0~20140825-8~deb8u2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |