Lucene search

PRIOn knowledge basePRION:CVE-2009-4079

HistoryNov 25, 2009 - 10:00 p.m.

Cross site request forgery (csrf)

2009-11-2522:00:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

JSON

Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.

CPENameOperatorVersion
redmineeq0.6.0
redmineeq0.4.1
redmineeq0.7.0 rc1
redmineeq0.7.4
redmineeq0.7.0
redmineeq0.2.2
redmineeq0.7.3
redmineeq0.6.3
redmineeq0.5.0
redmineeq0.6.1

Rows per page:

1-10 of 271

References

jvn.jp/en/jp/JVN87341298/index.html

jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html

rubyforge.org/frs/shownotes.php?release_id=41440

secunia.com/advisories/37420

www.redmine.org/wiki/redmine/Changelog

www.securityfocus.com/bid/37066

www.vupen.com/english/advisories/2009/3291

exchange.xforce.ibmcloud.com/vulnerabilities/54334

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

JSON

Related for PRION:CVE-2009-4079

ubuntucve1 jvn1 cve1 debiancve1

Name	Operator	Version
redmine	eq	0.6.0
redmine	eq	0.4.1
redmine	eq	0.7.0 rc1
redmine	eq	0.7.4
redmine	eq	0.7.0
redmine	eq	0.2.2
redmine	eq	0.7.3
redmine	eq	0.6.3
redmine	eq	0.5.0
redmine	eq	0.6.1