Sensitive Information Disclosure in Redmine Time Logging Form

Sensitive Information Disclosure in Redmine Time Logging Form

CVE-2015-8346 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.

Learn more about our Web Application Penetration Testing UK.