CyberSec.Space Logo
Back to CVE Browser

CVE-2011-4929

HIGH
7.5
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile39.65th
PublishedOct 8, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.

Affected Platforms (CPE)

πŸ“¦
Redmine

Redmine

= 0.9.0
πŸ“¦
Redmine

Redmine

= 0.9.1
πŸ“¦
Redmine

Redmine

= 0.9.2
πŸ“¦
Redmine

Redmine

= 0.9.3
πŸ“¦
Redmine

Redmine

= 0.9.4
πŸ“¦
Redmine

Redmine

= 0.9.5
πŸ“¦
Redmine

Redmine

= 0.9.6
πŸ“¦
Redmine

Redmine

= 1.0.0
πŸ“¦
Redmine

Redmine

= 1.0.1
πŸ“¦
Redmine

Redmine

= 1.0.2
πŸ“¦
Redmine

Redmine

= 1.0.3
πŸ“¦
Redmine

Redmine

= 1.0.4

References & Advisories

πŸ”— http://www.debian.org/security/2011/dsa-2261
πŸ”— http://www.openwall.com/lists/oss-security/2012/01/06/5
πŸ”— http://www.openwall.com/lists/oss-security/2012/01/06/7
πŸ”— http://www.redmine.org/news/49
πŸ”— http://www.debian.org/security/2011/dsa-2261
πŸ”— http://www.openwall.com/lists/oss-security/2012/01/06/5
πŸ”— http://www.openwall.com/lists/oss-security/2012/01/06/7
πŸ”— http://www.redmine.org/news/49

Related Vulnerabilities

CVE-2021-301649.8

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging th...

CVE-2017-180268.8

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial...

CVE-2017-155767.5

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to ob...

CVE-2017-155727.5

In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by readi...