Medium severity4.3NVD Advisory· Published Apr 12, 2016· Updated Jun 17, 2026
CVE-2015-8473
CVE-2015-8473
Description
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*range: <=2.6.7
- cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.1.1:*:*:*:*:*:*:*
- (no CPE)range: <2.6.8, >=3.0.0 <3.0.6, >=3.1.0 <3.1.2
Patches
Vulnerability mechanics
References
7- www.redmine.org/issues/21136nvdPatch
- www.redmine.org/projects/redmine/wiki/Changelog_3_0nvdPatch
- www.redmine.org/projects/redmine/wiki/Changelog_3_1nvdPatch
- www.redmine.org/versions/105nvdPatchVendor Advisory
- www.debian.org/security/2016/dsa-3529nvd
- www.securityfocus.com/bid/78621nvd
- github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22nvd
News mentions
0No linked articles in our index yet.