Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Redmine | Redmine | 0.6.0 | 0.6.0 |
Redmine | Redmine | 0.4.1 | 0.4.1 |
Redmine | Redmine | 0.7.0 | 0.7.0 |
Redmine | Redmine | 0.7.4 | 0.7.4 |
Redmine | Redmine | 0.7.0 | 0.7.0 |
Redmine | Redmine | 0.2.2 | 0.2.2 |
Redmine | Redmine | 0.7.3 | 0.7.3 |
Redmine | Redmine | 0.6.3 | 0.6.3 |
Redmine | Redmine | 0.5.0 | 0.5.0 |
Redmine | Redmine | 0.6.1 | 0.6.1 |
Redmine | Redmine | 0.7.2 | 0.7.2 |
Redmine | Redmine | 0.7.1 | 0.7.1 |
Redmine | Redmine | 0.8.4 | 0.8.4 |
Redmine | Redmine | 0.6.2 | 0.6.2 |
Redmine | Redmine | 0.4.0 | 0.4.0 |
Redmine | Redmine | 0.8.0 | 0.8.0 |
Redmine | Redmine | 0.8.0 | 0.8.0 |
Redmine | Redmine | 0.1.0 | 0.1.0 |
Redmine | Redmine | 0.6.4 | 0.6.4 |
Redmine | Redmine | 0.4.2 | 0.4.2 |
Redmine | Redmine | 0.2.1 | 0.2.1 |
Redmine | Redmine | 0.8.3 | 0.8.3 |
Redmine | Redmine | 0.5.1 | 0.5.1 |
Redmine | Redmine | 0.8.1 | 0.8.1 |
Redmine | Redmine | 0.8.2 | 0.8.2 |
Redmine | Redmine | 0.3.0 | 0.3.0 |
Redmine | Redmine | * | 0.8.5 |