Main Vulnerability Database Vulnerabilities #VU40389

Information disclosure in Debian Linux and Redmine - CVE-2015-8537

Published: April 12, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40389

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-8537

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Debian
Ruby

Affected software:
Debian Linux
Redmine

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.

How to mitigate CVE-2015-8537

Install update from vendor's website.

Sources

http://www.debian.org/security/2016/dsa-3529
http://www.redmine.org/news/103
https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56

Information disclosure in Debian Linux and Redmine - CVE-2015-8537

Detailed vulnerability description

How to mitigate CVE-2015-8537

Sources

Please verify you're human