Sensitive Information Disclosure in Redmine Time Logging Form
CVE-2015-8346 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.
Learn more about our Web Application Penetration Testing UK.