CVE-2009-4079 — Cross-Site Request Forgery in Redmine

CWE-352 — Cross-Site Request Forgery4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

0.3%

top 49.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redmine Debian Redmine

Timeline

PublishedNov 25

Latest updateMay 2

Description

Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/redmine< redmine 0.9.0~svn2902-1 (bookworm)

▶Debianredmine/redmine< 0.9.0~svn2902-1+1

▶NVDredmine/redmine0.8.5+24

Patches

Patch: jvn.jp ↗Patch: jvndb.jvn.jp ↗Patch: rubyforge.org ↗

🔴Vulnerability Details

GHSA

GHSA-rm8f-p7g6-p8p4: Cross-site request forgery (CSRF) vulnerability in Redmine 0↗2022-05-02

▶

OSV

CVE-2009-4079: Cross-site request forgery (CSRF) vulnerability in Redmine 0↗2009-11-25

▶

📋Vendor Advisories

Debian

CVE-2009-4079: redmine - Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier all...↗2009

▶