CVE-2015-8473
4.3
MEDIUM
CVSS 3.1
EPSS 0.46%
Description
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
How to fix CVE-2015-8473
To remediate CVE-2015-8473, upgrade the affected package to a fixed version below.
- Debian/redmine: upgrade to 3.2.0-1 or later
Is CVE-2015-8473 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.2.0-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |