SB2012100801 - Multiple vulnerabilities in Ruby Redmine

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2012100801

SB2012100801 - Multiple vulnerabilities in Ruby Redmine

Published: October 8, 2012 Updated: August 11, 2020

Security Bulletin ID SB2012100801
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2011-4929)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.


2) Input validation error (CVE-ID: CVE-2011-4927)

The vulnerability allows a remote #AU# to gain access to sensitive information.

Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.


Remediation

Install update from vendor's website.

References