CVE-2014-1985

Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redmine:redmine:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:redmine:redmine:2.5.0:*:*:*:*:*:*:*

Information

Published : 2014-04-11 07:55

Updated : 2017-12-15 18:29


NVD link : CVE-2014-1985

Mitre link : CVE-2014-1985


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

redmine

  • redmine