Main Vulnerability Database Vulnerabilities #VU40389

#VU40389 Information disclosure in Debian Linux and Redmine - CVE-2015-8537

Published: April 12, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40389

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-8537

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Debian Linux
Redmine

Software vendor:
Debian
Ruby

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.

Remediation

Install update from vendor's website.

External links

http://www.debian.org/security/2016/dsa-3529
http://www.redmine.org/news/103
https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56

#VU40389 Information disclosure in Debian Linux and Redmine - CVE-2015-8537

Description

Remediation

External links

Please verify you're human