
CVE-2014-1985

Published: 11/04/2014 Updated: 16/12/2017
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine prior to 2.4.5 and 2.5.x prior to 2.5.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back_url parameter.
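
The kind of check that closes this class of bug, as an added example (not Redmine's code and not the upstream patch): a back_url is followed only when it is a same-site path or an http(s) URL on the request's own host, otherwise the default is used. The names safe_back_url, redirect_target and the host redmine.example.org are assumptions made for illustration.

```ruby
require 'uri'

# Hypothetical helper, not Redmine's code: returns back_url when it is safe to
# redirect to, or nil so the caller falls back to its default location.
def safe_back_url(back_url, request_host)
  return nil if back_url.nil? || back_url.empty?
  # Control characters and backslashes are rejected outright: some browsers
  # treat "\" as "/", turning "/\host" into a protocol-relative URL.
  return nil if back_url =~ /[\x00-\x1f\\]/

  begin
    uri = URI.parse(back_url)
  rescue URI::InvalidURIError
    return nil
  end

  if uri.scheme.nil? && uri.host.nil?
    # Relative reference: accept only an absolute path on this site.
    return nil unless back_url.start_with?('/') && !back_url.start_with?('//')
    return back_url
  end

  # Absolute URL: http(s) only, same host as the request, no userinfo part.
  return nil unless %w[http https].include?(uri.scheme)
  return nil unless uri.host && uri.host.casecmp(request_host).zero?
  return nil if uri.userinfo
  back_url
end

# Stand-in for the decision a redirect_back_or_default-style action makes.
def redirect_target(params, request_host, default)
  safe_back_url(params['back_url'], request_host) || default
end

SAMPLE_HOST = 'redmine.example.org' # constructed sample host
```

Anything the parser cannot classify as same-site falls through to the default, so an unexpected URL form fails closed.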

Vulnerable Product

redmine redmine 2.4.2

redmine redmine 2.4.1

redmine redmine

redmine redmine 2.4.3

redmine redmine 2.4.0

redmine redmine 2.5.0

Vendor Advisories

Debian Bug report logs - #743828: redmine: security: CVE-2014-1985: open redirector issue. Package: redmine; Maintainer for redmine is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Source for redmine is src:redmine. Reported by: Paul Wise <pabs@debian.org> Da ...