Main Vulnerability Database Vulnerabilities #VU43417

Input validation error in Redmine - CVE-2011-4929

Published: October 8, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43417

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: CVE-2011-4929

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: Ruby

Affected software:
Redmine

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.

How to mitigate CVE-2011-4929

Install update from vendor's website.

Sources

http://www.debian.org/security/2011/dsa-2261
http://www.openwall.com/lists/oss-security/2012/01/06/5
http://www.openwall.com/lists/oss-security/2012/01/06/7
http://www.redmine.org/news/49

Input validation error in Redmine - CVE-2011-4929

Detailed vulnerability description

How to mitigate CVE-2011-4929

Sources

Please verify you're human