CyberSec.Space Logo
返回 CVE 浏览器

CVE-2011-4929

HIGH
7.5
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile39.65th
Published2012年10月8日
Last Modified2026年4月29日

Vulnerability Description

Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.

Affected Platforms (CPE)

📦
Redmine

Redmine

= 0.9.0
📦
Redmine

Redmine

= 0.9.1
📦
Redmine

Redmine

= 0.9.2
📦
Redmine

Redmine

= 0.9.3
📦
Redmine

Redmine

= 0.9.4
📦
Redmine

Redmine

= 0.9.5
📦
Redmine

Redmine

= 0.9.6
📦
Redmine

Redmine

= 1.0.0
📦
Redmine

Redmine

= 1.0.1
📦
Redmine

Redmine

= 1.0.2
📦
Redmine

Redmine

= 1.0.3
📦
Redmine

Redmine

= 1.0.4

References & Advisories

🔗 http://www.debian.org/security/2011/dsa-2261
🔗 http://www.openwall.com/lists/oss-security/2012/01/06/5
🔗 http://www.openwall.com/lists/oss-security/2012/01/06/7
🔗 http://www.redmine.org/news/49
🔗 http://www.debian.org/security/2011/dsa-2261
🔗 http://www.openwall.com/lists/oss-security/2012/01/06/5
🔗 http://www.openwall.com/lists/oss-security/2012/01/06/7
🔗 http://www.redmine.org/news/49

相关漏洞威胁

CVE-2021-301649.8

Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging th...

CVE-2017-180268.8

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial...

CVE-2017-155767.5

Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to ob...

CVE-2017-155727.5

In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by readi...