← Back

CVE-2015-8346

nvd nist

Published: Apr 12, 2016Modified: May 6, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.

Affected (10)

Products: Redmine: Redmine · Debian: Debian Linux

1 product

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Redmine Redmine	Up to 2.6.7
Redmine Redmine	Version 3.0.0
Redmine Redmine	Version 3.0.1
Redmine Redmine	Version 3.0.2
Redmine Redmine	Version 3.0.3
Redmine Redmine	Version 3.0.4
Redmine Redmine	Version 3.0.5
Redmine Redmine	Version 3.1.0
Redmine Redmine	Version 3.1.1