Medium severity5.3NVD Advisory· Published Apr 12, 2016· Updated May 6, 2026

CVE-2015-8346

Description

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.

Affected products

Redmine/Redmine9 versions
cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*range: <=2.6.7
- cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.redmine.org/news/102nvdPatchVendor Advisory
www.debian.org/security/2016/dsa-3529nvd
github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5cnvd
www.redmine.org/issues/21150nvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000