List:       oss-security
Subject:    [oss-security] Re: CVE request: Redmine - information disclosure on the time logging form
From:       cve-assign () mitre ! org
Date:       2015-11-25 18:00:56
Message-ID: 20151125180056.96B3F6C02A4 () smtpvmsrv1 ! mitre ! org

> please assign a CVE ID for an information disclosure issue in the
> latest Redmine releases (2.6.8, 3.0.6 and 3.1.2)

> http://www.redmine.org/news/102
> http://www.redmine.org/projects/redmine/wiki/Security_Advisories
> https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c
> https://www.redmine.org/issues/21150

> http://www.redmine.org/projects/redmine/wiki/Changelog
> 3.1.2 (2015-11-14)
> Defect #21150: Time logging form may disclose subjects of issues that are not visible

> app/views/timelog/_form.html.erb

Use CVE-2015-8346.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]