oss-sec mailing list archives
Re: CVE request: Redmine - information disclosure on the time logging form
From: cve-assign () mitre org
Date: Wed, 25 Nov 2015 13:00:56 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
please assign a CVE ID for an information disclosure issue in the latest Redmine releases (2.6.8, 3.0.6 and 3.1.2)
http://www.redmine.org/news/102 http://www.redmine.org/projects/redmine/wiki/Security_Advisories https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c https://www.redmine.org/issues/21150
http://www.redmine.org/projects/redmine/wiki/Changelog 3.1.2 (2015-11-14) Defect #21150: Time logging form may disclose subjects of issues that are not visible
app/views/timelog/_form.html.erb
Use CVE-2015-8346. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWVfbkAAoJEL54rhJi8gl5f04P/1XGw1J1Fi0XLL+FmtU7AuLs LMCBktJV2LC1O+v/D2+uGOxzJnhwoxggjIuUerEpc0XVBNNrF2rhzxb0DeAvBN0m IKN8dUZpv12RPIEtqPTiy15wHOCMMnO99Auq/uW0kwZRmRfOjycBBiacGW7YBvLa v6R1/hpnJyZ1C0UCin//MLxMdeFAsb6Zx47p/v7k+bhy2/yAvquot29dqtBUrNMA 27ksZIiHAQv7iU7s/g9Dfgp55WNfDjjz0u/eo1+fusEvVpZ1wNI6k0MMk1Pk5vLf JFNfwee6GRCuwxzH8aRzQifbUAxkzAEqnvYgIIUVaCDrvxQKglq497tkEMVcpV7j 2NX2LK3QHaeX5ewNCKYqCLgUbKKOxQrE0gbY4mSWf44t9bvRl7ScOD3s5Bo0k/gM psmmgVcZkh5y6uffre6PX3q4MYTk8MT8CqMv7pCas+YWfGxbFFPp60bec/eK4o9g j7ZUrm3VRzssAAEJ3fe9F0XVexRmp0E1tgktvh/yUfSMh9yZdtoRLUm2NEejsUHu +Fs29esV0hW9TQEF9slAb60MT+fyTBVWPPr8EXSq2AoH3vNAHWh8VmRuW2J+DsFY jAIq1wNAQxuxlFW85MfNAFRwGVje/Csksffa31bbL9NOieKOK7DxdBWGskZUiyah a2oSGccwzK937D/lCz2L =IT7r -----END PGP SIGNATURE-----
Current thread:
- CVE request: Redmine - information disclosure on the time logging form Matthias Geerdsen (Nov 24)
- Re: CVE request: Redmine - information disclosure on the time logging form cve-assign (Nov 25)