{"id":"CVE-2015-8346","details":"app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.","modified":"2026-04-10T03:45:30.647268Z","published":"2016-04-12T14:59:03Z","references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3529"},{"type":"ADVISORY","url":"http://www.redmine.org/news/102"},{"type":"FIX","url":"http://www.redmine.org/news/102"},{"type":"FIX","url":"https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c"},{"type":"WEB","url":"https://www.redmine.org/issues/21150"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}