Vulnerability in Redmine

CVE-2011-4929

Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.

EPSS: 0.736 (98.8th percentile) — read the EPSS interpretation.

Affected products

Redmine — versions 0.9.0, 0.9.1, 0.9.2
N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

[oss-security] 20120106 CVE request: redmine issues (mailing-list, x_refsource_MLIST)
DSA-2261 (vendor-advisory, x_refsource_DEBIAN)
[oss-security] 20120106 Re: CVE request: redmine issues (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2011-4929?: CVE-2011-4929 is a vulnerability in Redmine. Published 2012-10-08.
Is CVE-2011-4929 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.