CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-15576

HIGH
7.5
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile41.34th
Published2017年10月18日
Last Modified2026年5月13日

Vulnerability Description

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.

Affected Platforms (CPE)

📦
Redmine

Redmine

<= 3.2.5
📦
Redmine

Redmine

= 3.3.0
📦
Redmine

Redmine

= 3.3.1
📦
Redmine

Redmine

= 3.3.2
💻
Debian

Debian Linux

= 9.0

References & Advisories

🔗 https://www.debian.org/security/2018/dsa-4191
🔗 https://www.redmine.org/issues/23803
🔗 https://www.redmine.org/projects/redmine/wiki/Security_Advisories
🔗 https://www.debian.org/security/2018/dsa-4191
🔗 https://www.redmine.org/issues/23803
🔗 https://www.redmine.org/projects/redmine/wiki/Security_Advisories

相关漏洞威胁

CVE-2021-301649.8

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging th...

CVE-2017-180268.8

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial...

CVE-2017-155777.5

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensit...

CVE-2017-155727.5

In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by readi...