CVE-2017-16804

Published: 13/11/2017 Updated: 30/04/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

In Redmine prior to 3.2.7 and 3.3.x prior to 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.

Vulnerable Product

redmine redmine 3.3.1

redmine redmine 3.3.3

redmine redmine

redmine redmine 3.3.0

redmine redmine 3.3.2

debian debian linux 9.0

Vendor Advisories

Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks. For the stable distribution (stretch), these problems have been fixed in version 331-4+deb9u1. We recommend that you upgrade your redmine packages. In addition ...