VYPR
High severity7.3NVD Advisory· Published Oct 18, 2017· Updated Jun 17, 2026

CVE-2017-15575

CVE-2017-15575

Description

In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Redmine/Redmine5 versions
    cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*range: <=3.2.5
    • cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*
    • (no CPE)range: <3.2.6, <3.3.3
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.