Published: 18/10/2017 Updated: 14/03/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Redmine prior to 3.2.6 and 3.3.x prior to 3.3.3 mishandles the rendering of wiki links, which allows remote malicious users to obtain sensitive information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redmine redmine 3.3.1
redmine redmine 3.3.2
redmine redmine
redmine redmine 3.3.0
debian debian linux 9.0

Multiple vulnerabilities were discovered in Redmine, a project management web application They could lead to remote code execution, information disclosure or cross-site scripting attacks For the stable distribution (stretch), these problems have been fixed in version 331-4+deb9u1 We recommend that you upgrade your redmine packages In addition ...

Redmine Legacy Link Plugin

# Redmine Legacy Link Plugin This plugin is for Redmine 34 This plugin can disable the change wwwredmineorg/projects/redmine/repository/revisions/16283 Please check the following URL: cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2017-15577 And including wiki-linkspatch in wwwredmineorg/issues/26530 ### Plugin Installation Put plugin folder and restart Redmine only

CWE-200 https://www.redmine.org/projects/redmine/wiki/Security_Advisories https://www.redmine.org/issues/23793 https://www.debian.org/security/2018/dsa-4191 https://nvd.nist.gov https://www.debian.org/security/./dsa-4191 https://github.com/crosspoints/redmine_legacy_link

CVE-2017-15577

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect