CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-15577

HIGH
7.5
CVSS Severity Score
EPSS Score0.1430%
EPSS Percentile36.68th
Published2017年10月18日
Last Modified2026年5月13日

Vulnerability Description

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.

Affected Platforms (CPE)

📦
Redmine

Redmine

<= 3.2.5
📦
Redmine

Redmine

= 3.3.0
📦
Redmine

Redmine

= 3.3.1
📦
Redmine

Redmine

= 3.3.2
💻
Debian

Debian Linux

= 9.0

References & Advisories

🔗 https://www.debian.org/security/2018/dsa-4191
🔗 https://www.redmine.org/issues/23793
🔗 https://www.redmine.org/projects/redmine/wiki/Security_Advisories
🔗 https://www.debian.org/security/2018/dsa-4191
🔗 https://www.redmine.org/issues/23793
🔗 https://www.redmine.org/projects/redmine/wiki/Security_Advisories

相關漏洞威脅

CVE-2021-301649.8

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging th...

CVE-2017-180268.8

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial...

CVE-2017-155767.5

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to ob...

CVE-2017-155727.5

In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by readi...