Vulnerability Details : CVE-2011-4929
Public exploit exists!
Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.
Exploit prediction scoring system (EPSS) score for CVE-2011-4929
Probability of exploitation activity in the next 30 days: 95.92%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2011-4929
-
Redmine SCM Repository Arbitrary Command Execution
Disclosure Date: 2010-12-19First seen: 2020-04-26exploit/unix/webapp/redmine_scm_execThis module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering. Authors: - joernchen <joernchen@phenoelit.d
CVSS scores for CVE-2011-4929
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2011-4929
-
http://www.openwall.com/lists/oss-security/2012/01/06/5
oss-security - CVE request: redmine issues
-
http://www.redmine.org/news/49
Redmine 1.0.5 bug/security fix released - RedmineVendor Advisory
-
http://www.openwall.com/lists/oss-security/2012/01/06/7
oss-security - Re: CVE request: redmine issues
-
http://www.debian.org/security/2011/dsa-2261
Debian -- Security Information -- DSA-2261-1 redmine
Products affected by CVE-2011-4929
- cpe:2.3:a:redmine:redmine:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.9.6:*:*:*:*:*:*:*