Vulnerability Details: CVE-2017-18026
Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536.
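The referenced fixes describe two layered mitigations: separating command options from positional arguments with "--", and rejecting arguments that begin with --config or --debugger. The Ruby below is an added illustration of that pattern, not Redmine's adapter code; the function names, the `--encoding` fixed option and the sample values are assumptions.

```ruby
require 'open3'

# Added example, not Redmine's code. Builds a Mercurial argv the way the
# referenced fixes describe: repository-controlled values (branch names,
# revisions, paths) are checked and kept apart from options with "--".
# Assumes the Mercurial binary is `hg` on PATH.

class MaliciousArgument < StandardError; end

# Mercurial reads these global options early, from the whole argv, so a
# repository-controlled value starting with them is refused outright
# instead of relying on "--" alone. The prefix match is deliberately broad.
EARLY_OPTION_PREFIXES = %w[--config --debugger].freeze

# Returns the value as a String, or raises if it could be read as an early option.
def check_hg_argument!(value)
  s = value.to_s
  if EARLY_OPTION_PREFIXES.any? { |p| s.start_with?(p) }
    raise MaliciousArgument, "refusing hg argument #{s.inspect}"
  end
  s
end

# Builds ['hg', cmd, *fixed, --long=untrusted..., '--', positionals...].
# fixed_options come from the application itself and are passed through;
# untrusted_options maps long flags to repository-controlled values, which
# are attached with "=" so they cannot be split off as a separate token;
# positionals are placed after "--" so a leading "-" is not parsed as an option.
def build_hg_argv(cmd, fixed_options: [], untrusted_options: {}, positionals: [])
  argv = ['hg', cmd, *fixed_options]
  untrusted_options.each do |flag, value|
    argv << "#{flag}=#{check_hg_argument!(value)}"
  end
  checked = positionals.map { |v| check_hg_argument!(v) }
  argv << '--' unless checked.empty?
  argv.concat(checked)
end

# Runs hg without a shell: the argv array goes straight to the process, so no
# shell metacharacter in a branch name or path is ever interpreted.
def run_hg(cmd, **kwargs)
  out, status = Open3.capture2(*build_hg_argv(cmd, **kwargs))
  raise "hg #{cmd} failed: #{status}" unless status.success?
  out
end
```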
Products affected by CVE-2017-18026
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-18026
- EPSS score: 0.73% (probability of exploitation activity in the next 30 days)
- Percentile: ~78% (the proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2017-18026
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
References for CVE-2017-18026
- https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678
  mercurial: separate command options and positional arguments with "--… · redmine/redmine@58ed865 · GitHub (Patch; Third Party Advisory)
- https://www.debian.org/security/2018/dsa-4191
  Debian -- Security Information -- DSA-4191-1 redmine (Third Party Advisory)
- https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e
  mercurial: work around faulty parsing of early command options (#27516) · redmine/redmine@9d79740 · GitHub (Patch; Third Party Advisory)
- https://www.redmine.org/projects/redmine/wiki/Security_Advisories
  Security Advisories - Redmine (Vendor Advisory)
- https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd
  mercurial: reject malicious command argument (#27516) · redmine/redmine@ca87bf7 · GitHub (Patch; Third Party Advisory)
- https://www.redmine.org/issues/27516
  Redmine (Permissions Required)