CVE-2014-1985
Published Apr 11, 2014
Last updated 7 years ago
Overview
- Description
- Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).
- Source
- vultures@jpcert.or.jp
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14A4B298-BCC4-4E4C-A538-28CD0E11F1A4",
"versionEndIncluding": "2.4.4"
},
{
"criteria": "cpe:2.3:a:redmine:redmine:2.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86858F9B-8A3B-4667-A42B-198862F0508E"
},
{
"criteria": "cpe:2.3:a:redmine:redmine:2.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64B5E6E0-4824-46AE-9518-A9E17FB74E84"
},
{
"criteria": "cpe:2.3:a:redmine:redmine:2.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E13CFD7-1981-49C4-9990-713C811DC851"
},
{
"criteria": "cpe:2.3:a:redmine:redmine:2.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A120F2B-AF7F-416E-929B-C2BF573F5032"
},
{
"criteria": "cpe:2.3:a:redmine:redmine:2.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F96EDC1C-A925-4D24-87B4-BA3AA993ABAF"
}
],
"operator": "OR"
}
]
}
]