CyberSec.Space Logo
CVEブラウザに戻る

CVE-2011-4929

HIGH
7.5
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile39.65th
Published2012年10月8日
Last Modified2026年4月29日

Vulnerability Description

Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.

Affected Platforms (CPE)

📦
Redmine

Redmine

= 0.9.0
📦
Redmine

Redmine

= 0.9.1
📦
Redmine

Redmine

= 0.9.2
📦
Redmine

Redmine

= 0.9.3
📦
Redmine

Redmine

= 0.9.4
📦
Redmine

Redmine

= 0.9.5
📦
Redmine

Redmine

= 0.9.6
📦
Redmine

Redmine

= 1.0.0
📦
Redmine

Redmine

= 1.0.1
📦
Redmine

Redmine

= 1.0.2
📦
Redmine

Redmine

= 1.0.3
📦
Redmine

Redmine

= 1.0.4

References & Advisories

🔗 http://www.debian.org/security/2011/dsa-2261
🔗 http://www.openwall.com/lists/oss-security/2012/01/06/5
🔗 http://www.openwall.com/lists/oss-security/2012/01/06/7
🔗 http://www.redmine.org/news/49
🔗 http://www.debian.org/security/2011/dsa-2261
🔗 http://www.openwall.com/lists/oss-security/2012/01/06/5
🔗 http://www.openwall.com/lists/oss-security/2012/01/06/7
🔗 http://www.redmine.org/news/49

関連する脆弱性情報

CVE-2021-301649.8

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging th...

CVE-2017-180268.8

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial...

CVE-2017-155767.5

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to ob...

CVE-2017-155727.5

In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by readi...