Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-4929 — Redmine vulnerability

6 documents6 sources

Severity

7.5HIGHNVD

EPSS

73.6%

top 1.19%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Redmine Debian Redmine

Timeline

PublishedOct 8

Latest updateMay 17

Description

Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/redmine< redmine 1.0.5-1 (bookworm)

▶Debianredmine/redmine< 1.0.5-1+1

▶NVDredmine/redmine12 versions+11

🔴Vulnerability Details

GHSA

GHSA-w2vv-gmgp-33q7: Unspecified vulnerability in the bazaar repository adapter in Redmine 0↗2022-05-17

▶

OSV

CVE-2011-4929: Unspecified vulnerability in the bazaar repository adapter in Redmine 0↗2012-10-08

▶

💥Exploits & PoCs

Exploit-DB

Redmine SCM Repository - Arbitrary Command Execution (Metasploit)↗2010-12-19

▶

Metasploit

Redmine SCM Repository Arbitrary Command Execution↗

▶

📋Vendor Advisories

Debian

CVE-2011-4929: redmine - Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and ...↗2011

▶