CVE-2017-18026 - OpenCVE

Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Redmine	Redmine

Configuration 1 [-]

OR	cpe:2.3:a:redmine:redmine::::::::
	cpe:2.3:a:redmine:redmine::::::::
	cpe:2.3:a:redmine:redmine::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678
https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e
https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd
https://www.debian.org/security/2018/dsa-4191
https://www.redmine.org/issues/27516
https://www.redmine.org/projects/redmine/wiki/Security_Advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-01-10T09:00:00

Updated: 2024-08-05T21:06:50.143Z

Reserved: 2018-01-10T00:00:00

Link: CVE-2017-18026

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-01-10T09:29:00.190

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-18026

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-01-10T00:00:00", "descriptions": [{"lang": "en", "value": "Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.redmine.org/issues/27516"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678"}, {"name": "DSA-4191", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4191"}, {"tags": ["x_refsource_MISC"], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18026", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.redmine.org/issues/27516", "refsource": "MISC", "url": "https://www.redmine.org/issues/27516"}, {"name": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678", "refsource": "MISC", "url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678"}, {"name": "DSA-4191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4191"}, {"name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", "refsource": "MISC", "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories"}, {"name": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd", "refsource": "MISC", "url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd"}, {"name": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e", "refsource": "MISC", "url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:06:50.143Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.redmine.org/issues/27516"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678"}, {"name": "DSA-4191", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4191"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18026", "datePublished": "2018-01-10T09:00:00", "dateReserved": "2018-01-10T00:00:00", "dateUpdated": "2024-08-05T21:06:50.143Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "57E15DAF-8ECD-442F-B197-79CEE2D81138", "versionEndExcluding": "3.2.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "209D5EFB-2B31-4671-95B2-F7652E479373", "versionEndExcluding": "3.3.6", "versionStartIncluding": "3.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*", "matchCriteriaId": "C595C3F2-6738-4B76-BB16-F19697A846A2", "versionEndExcluding": "3.4.4", "versionStartIncluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536."}, {"lang": "es", "value": "Redmine en versiones anteriores a la 3.2.9, 3.3.x anteriores a 3.3.6 y 3.4.x anteriores a 3.4.4 no bloquea los flags --config y --debugger en el programa Mercurial hg, lo que permite que los atacantes remotos ejecuten comandos arbitrarios (mediante el adaptador Mercurial) por medio de vectores que involucran una rama cuyo nombre empieza con una subcadena --config= o --debugger=. Esta vulnerabilidad est\u00e1 relacionada con CVE-2017-17536."}], "id": "CVE-2017-18026", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-10T09:29:00.190", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4191"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "https://www.redmine.org/issues/27516"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}