UBUNTU-CVE-2015-8473
- Source
- https://ubuntu.com/security/CVE-2015-8473
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-8473.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-8473
- Upstream
- Withdrawn
- 2025-07-18T16:43:18Z
- Published
- 2016-04-12T14:59:00Z
- Modified
- 2025-07-16T08:11:48.627448Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.
- References
-
- https://ubuntu.com/security/CVE-2015-8473
- https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
- https://www.redmine.org/issues/21136
- http://www.openwall.com/lists/oss-security/2015/12/03/7
- https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22
- https://www.cve.org/CVERecord?id=CVE-2015-8473
Affected packages
Ubuntu:16.04:LTS / redmine
Package
- Name
- redmine
- Purl
- pkg:deb/ubuntu/redmine@3.2.0-1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.0-1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "3.2.0-1",
"binary_name": "redmine"
},
{
"binary_version": "3.2.0-1",
"binary_name": "redmine-mysql"
},
{
"binary_version": "3.2.0-1",
"binary_name": "redmine-pgsql"
},
{
"binary_version": "3.2.0-1",
"binary_name": "redmine-sqlite"
}
]
}