CVE-2017-16804

Опубликовано: 13 нояб. 2017

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.

Ссылки

https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc
Issue Tracking
Patch
Third Party Advisory
https://www.debian.org/security/2018/dsa-4191
Third Party Advisory
https://www.redmine.org/issues/25713
Permissions Required
https://www.redmine.org/projects/redmine/wiki/Security_Advisories
Issue Tracking
Vendor Advisory
https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc
Issue Tracking
Patch
Third Party Advisory
https://www.debian.org/security/2018/dsa-4191
Third Party Advisory
https://www.redmine.org/issues/25713
Permissions Required
https://www.redmine.org/projects/redmine/wiki/Security_Advisories
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*

Версия до 3.2.7 (исключая)

cpe:2.3:a:redmine:redmine:3.3.0:*:*:*:*:*:*:*

cpe:2.3:a:redmine:redmine:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:redmine:redmine:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:redmine:redmine:3.3.3:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00345

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2017-16804

CVSS3: 4.3

ubuntu

около 8 лет назад

CVE-2017-16804

CVSS3: 4.3

debian

около 8 лет назад

In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...

GHSA-c2rv-c7wr-4chh

CVSS3: 4.3

github

больше 3 лет назад

EPSS

Процентиль: 57%

0.00345

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200