CVE-2009-4079
Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.
| Software | From | Fixed in |
|---|---|---|
| redmine / redmine | 0.6.0 | 0.6.0.x |
| redmine / redmine | 0.4.1 | 0.4.1.x |
| redmine / redmine | 0.7.0-rc1 | 0.7.0-rc1.x |
| redmine / redmine | 0.7.4 | 0.7.4.x |
| redmine / redmine | 0.7.0 | 0.7.0.x |
| redmine / redmine | 0.2.2 | 0.2.2.x |
| redmine / redmine | 0.7.3 | 0.7.3.x |
| redmine / redmine | 0.6.3 | 0.6.3.x |
| redmine / redmine | 0.5.0 | 0.5.0.x |
| redmine / redmine | 0.6.1 | 0.6.1.x |
| redmine / redmine | 0.7.2 | 0.7.2.x |
| redmine / redmine | 0.7.1 | 0.7.1.x |
| redmine / redmine | 0.8.4 | 0.8.4.x |
| redmine / redmine | 0.6.2 | 0.6.2.x |
| redmine / redmine | 0.4.0 | 0.4.0.x |
| redmine / redmine | 0.8.0 | 0.8.0.x |
| redmine / redmine | 0.8.0-rc1 | 0.8.0-rc1.x |
| redmine / redmine | 0.1.0 | 0.1.0.x |
| redmine / redmine | 0.6.4 | 0.6.4.x |
| redmine / redmine | 0.4.2 | 0.4.2.x |
| redmine / redmine | 0.2.1 | 0.2.1.x |
| redmine / redmine | 0.8.3 | 0.8.3.x |
| redmine / redmine | 0.5.1 | 0.5.1.x |
| redmine / redmine | 0.8.1 | 0.8.1.x |
| redmine / redmine | 0.8.2 | 0.8.2.x |
| redmine / redmine | 0.3.0 | 0.3.0.x |
| redmine / redmine | - | 0.8.5.x |
- http://jvn.jp/en/jp/JVN87341298/index.html
- http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html
- http://rubyforge.org/frs/shownotes.php?release_id=41440
- http://secunia.com/advisories/37420
- http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15
- http://www.securityfocus.com/bid/37066
- http://www.vupen.com/english/advisories/2009/3291
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54334
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime