CyberSec.Space Logo
Back to CVE Browser

CVE-2017-15576

HIGH
7.5
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile41.34th
PublishedOct 18, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.

Affected Platforms (CPE)

πŸ“¦
Redmine

Redmine

<= 3.2.5
πŸ“¦
Redmine

Redmine

= 3.3.0
πŸ“¦
Redmine

Redmine

= 3.3.1
πŸ“¦
Redmine

Redmine

= 3.3.2
πŸ’»
Debian

Debian Linux

= 9.0

References & Advisories

πŸ”— https://www.debian.org/security/2018/dsa-4191
πŸ”— https://www.redmine.org/issues/23803
πŸ”— https://www.redmine.org/projects/redmine/wiki/Security_Advisories
πŸ”— https://www.debian.org/security/2018/dsa-4191
πŸ”— https://www.redmine.org/issues/23803
πŸ”— https://www.redmine.org/projects/redmine/wiki/Security_Advisories

Related Vulnerabilities

CVE-2021-301649.8

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging th...

CVE-2017-180268.8

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial...

CVE-2017-155777.5

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensit...

CVE-2017-155727.5

In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by readi...