Unrated severityNVD Advisory· Published Nov 25, 2009· Updated Apr 23, 2026

CVE-2009-4079

Description

Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.

Affected products

Redmine/Redmine27 versions
cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*+ 26 more
- cpe:2.3:a:redmine:redmine:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*range: <=0.8.5
- cpe:2.3:a:redmine:redmine:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:0.4.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN87341298/index.htmlnvdPatch
jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.htmlnvdPatch
rubyforge.org/frs/shownotes.phpnvdPatch
www.redmine.org/wiki/redmine/ChangelognvdPatch
secunia.com/advisories/37420nvdVendor Advisory
www.vupen.com/english/advisories/2009/3291nvdVendor Advisory
www.securityfocus.com/bid/37066nvd
exchange.xforce.ibmcloud.com/vulnerabilities/54334nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000