
Find real vulnerabilities before they ship
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
Base Score
7.5| Base Score | 7.5 |
|---|---|
| Vector String | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Base Severity | High |
| Version | 3.0 |
| Attack Vector (AV) | NETWORK |