Back to CVE Browser

CVE-2017-15577

HIGH

7.5

CVSS Severity Score

EPSS Score0.1430%

EPSS Percentile36.68th

PublishedOct 18, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.

Affected Platforms (CPE)

📦

Redmine

Redmine

<= 3.2.5

📦

Redmine

Redmine

= 3.3.0

📦

Redmine

Redmine

= 3.3.1

📦

Redmine

Redmine

= 3.3.2

💻

Debian

Debian Linux

= 9.0

References & Advisories

🔗 https://www.debian.org/security/2018/dsa-4191

🔗 https://www.redmine.org/issues/23793

🔗 https://www.redmine.org/projects/redmine/wiki/Security_Advisories

🔗 https://www.debian.org/security/2018/dsa-4191

🔗 https://www.redmine.org/issues/23793

🔗 https://www.redmine.org/projects/redmine/wiki/Security_Advisories

Related Vulnerabilities

CVE-2021-301649.8

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging th...

CVE-2017-180268.8

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial...

CVE-2017-155767.5

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to ob...

CVE-2017-155727.5

In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by readi...