Lucene search
HistoryDec 28, 2014 - 12:59 a.m.
CVE-2013-4663
cve-2013-4663
redmine
git
remote execution
shell metacharacters
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8 High
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.4%
git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function.
Affected configurations
Node
redmineredmine_git_hosting_pluginMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| redmine:redmine_git_hosting_plugin | redmine redmine git hosting plugin | eq | - |
Related
cvelist
cvelist
CVE-2013-4663
2014-12-28 00:00:00
nvd
nvd
CVE-2013-4663
2014-12-28 00:59:02
prion
prion
Open redirect
2014-12-28 00:59:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8 High
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.4%
Related for CVE-2013-4663