3 matches found
Debian DSA-4191-1 : redmine - security update
Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
CVE-2017-18026
Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands through the Mercurial adapter via vectors involving a branch whose name begins with a --config...
CVE-2017-18026
CVE-2017-18026 affects Redmine: versions prior to 3.2.9, 3.3.x prior to 3.3.6, and 3.4.x prior to 3.4.4 fail to block the Mercurial hg flags --config and --debugger, enabling remote command execution via the Mercurial adapter when a branch name starts with --config= or --debugger=. Root cause is ...