Main Vulnerability Database Vulnerabilities #VU43418

#VU43418 Input validation error in Redmine - CVE-2011-4927

Published: October 8, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43418

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2011-4927

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Redmine

Software vendor:
Ruby

Description

The vulnerability allows a remote #AU# to gain access to sensitive information.

Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.

Remediation

Install update from vendor's website.

External links

http://www.debian.org/security/2011/dsa-2261
http://www.openwall.com/lists/oss-security/2012/01/06/5
http://www.openwall.com/lists/oss-security/2012/01/06/7
http://www.redmine.org/news/49

#VU43418 Input validation error in Redmine - CVE-2011-4927

Description

Remediation

External links

Please verify you're human