Skip to main content

Redmine CVE-2017-15575

HIGH
2017-10-18 cve@mitre.org
7.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Oct 18, 2017 - 02:29 cve.org
HIGH 7.3

DescriptionCVE.org

In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.

AnalysisAI

In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact. Affected products include: Redmine, Debian Debian Linux. Version information: before 3.2.6.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2014-1985 MEDIUM POC
5.8 Apr 11

Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Red

CVE-2021-29274 MEDIUM POC
6.1 Mar 29

Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip. Rated medium se

CVE-2021-30164 CRITICAL
9.8 Apr 06

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by lev

CVE-2017-15572 HIGH
7.5 Oct 18

In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens

CVE-2017-15577 HIGH
7.5 Oct 18

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obt

CVE-2017-15576 HIGH
7.5 Oct 18

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attac

CVE-2022-44030 HIGH
7.5 Dec 06

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permis

CVE-2021-37156 HIGH
7.5 Aug 05

Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's

CVE-2021-31863 HIGH
7.5 Apr 28

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x b

CVE-2021-30163 HIGH
7.5 Apr 06

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal

CVE-2015-8474 HIGH
7.4 Apr 12

Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine befor

CVE-2019-18890 MEDIUM
6.5 Nov 21

A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected

Share

CVE-2017-15575 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy