Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine prior to 2.4.5 and 2.5.x prior to 2.5.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back_url parameter.

Vulnerable Product |
---|
redmine redmine 2.4.2 |
redmine redmine 2.4.1 |
redmine redmine |
redmine redmine 2.4.3 |
redmine redmine 2.4.0 |
redmine redmine 2.5.0 |
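
A defensive check for the kind of back_url handling described above, as an added example: this is not Redmine's code or its patch. The helper name `safe_back_target`, the `request_host` argument and the `redmine.example` / `evil.example` hosts are assumptions made for illustration.

```ruby
require "uri"

# Hypothetical helper (not Redmine's code): returns a same-site path derived
# from back_url, or `default` when the value could send the user off-site.
def safe_back_target(back_url, request_host, default = "/")
  return default if back_url.nil? || back_url.empty?
  # Reject control characters, spaces and backslashes outright: browsers may
  # treat "\" as "/", turning "/\host" into a protocol-relative URL.
  return default if back_url =~ /[\x00-\x20\x7f\\]/

  begin
    uri = URI.parse(back_url)
  rescue URI::InvalidURIError
    return default
  end

  unless uri.scheme.nil? && uri.host.nil?
    # Anything carrying a scheme or host must be http(s), have no userinfo
    # ("https://trusted@other/") and name the host that served the request.
    return default unless %w[http https].include?(uri.scheme)
    return default unless uri.userinfo.nil?
    return default unless uri.host && uri.host.casecmp?(request_host)
  end

  # Redirect to path + query only, so scheme and host never come from input.
  path = uri.path.to_s.empty? ? "/" : uri.path
  # A path starting with "//" would be read as a protocol-relative URL.
  return default unless path.start_with?("/") && !path.start_with?("//")
  uri.query ? "#{path}?#{uri.query}" : path
end

if __FILE__ == $0
  # Constructed sample values, not taken from any real request.
  [
    "/issues/42?tab=history",
    "https://redmine.example/projects",
    "https://evil.example/login",
    "//evil.example/login",
    "https://redmine.example@evil.example/",
  ].each do |value|
    puts "#{value.inspect} -> #{safe_back_target(value, 'redmine.example').inspect}"
  end
end
```

The helper compares against a bare host name; a deployment behind a reverse proxy or under a sub-URI would need to pass the externally visible host and adjust the path check accordingly.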