4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.003 Low
EPSS
Percentile
65.2%
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x
before 3.1.2 allows remote authenticated users to obtain sensitive
information in changeset messages by leveraging permission to read issues
with related changesets from other projects.
www.openwall.com/lists/oss-security/2015/12/03/7
github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22
launchpad.net/bugs/cve/CVE-2015-8473
nvd.nist.gov/vuln/detail/CVE-2015-8473
security-tracker.debian.org/tracker/CVE-2015-8473
www.cve.org/CVERecord?id=CVE-2015-8473
www.redmine.org/issues/21136
www.redmine.org/projects/redmine/wiki/Changelog_3_0
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.003 Low
EPSS
Percentile
65.2%