Main Vulnerability Database Vulnerabilities #VU43418

Input validation error in Redmine - CVE-2011-4927

Published: October 8, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43418

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2011-4927

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Ruby

Affected software:
Redmine

Detailed vulnerability description

The vulnerability allows a remote #AU# to gain access to sensitive information.

Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.

How to mitigate CVE-2011-4927

Install update from vendor's website.

Sources

http://www.debian.org/security/2011/dsa-2261
http://www.openwall.com/lists/oss-security/2012/01/06/5
http://www.openwall.com/lists/oss-security/2012/01/06/7
http://www.redmine.org/news/49

Input validation error in Redmine - CVE-2011-4927

Detailed vulnerability description

How to mitigate CVE-2011-4927

Sources

Please verify you're human