CVE-2009-4079

Publication date 25 November 2009

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Description

Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.

Read the notes from the security team

Status

Package Ubuntu Release Status
redmine 18.04 LTS bionic
Not affected
17.10 artful
Not affected
17.04 zesty Ignored end of life
16.10 yakkety Ignored end of life
16.04 LTS xenial
Not affected
15.10 wily Ignored end of life
15.04 vivid Ignored end of life
14.10 utopic Ignored end of life
14.04 LTS trusty Not in release
13.10 saucy Ignored end of life
13.04 raring Ignored end of life
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
11.10 oneiric Ignored end of life
11.04 natty Ignored end of life
10.10 maverick Ignored end of life
10.04 LTS lucid Ignored end of life
9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Not in release

Notes

sbeattie

fixed before package made it into any archive

References

Other references