Main Vulnerability Database Vulnerabilities #VU43417

#VU43417 Input validation error in Redmine - CVE-2011-4929

Published: October 8, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43417

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: CVE-2011-4929

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Redmine

Software vendor:
Ruby

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.

Remediation

Install update from vendor's website.

External links

http://www.debian.org/security/2011/dsa-2261
http://www.openwall.com/lists/oss-security/2012/01/06/5
http://www.openwall.com/lists/oss-security/2012/01/06/7
http://www.redmine.org/news/49