NVD

Id
30497  
Name
CVE-2014-1985  
Description
Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).  
Reject
 
CVSS Version
2  
CVSS Score
5.8  
Severity
Medium  
CVSS Base Score
5.8  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-04-11  
Modified Date
2015-08-05  
Seq
2014-1985  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
161275 30497 CVE-2014-1985 [oss-security] 20140410 Re: CVE request: redmine open redirector  View
161276 30497 CVE-2014-1985 http://www.redmine.org/projects/redmine/wiki/Changelog  View
161277 30497 CVE-2014-1985 http://www.redmine.org/projects/redmine/wiki/Changelog_2_4  View
161278 30497 CVE-2014-1985 http://www.redmine.org/projects/redmine/wiki/Security_Advisories  View
161279 30497 CVE-2014-1985 66674  View
161280 30497 CVE-2014-1985 https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
12023 JVNDB-2014-000041 Redmine におけるオープンリダイレクトの脆弱性 Redmine は、プロジェクト管理ソフトウェアです。Redmine には、URL パラメータのチェックが不十分なため、結果としてオープンリダイレクトの脆弱性が存在します。 CVE-2014-1985 69272 CVE-2014-1985 30497 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html 2014-04-16 2014-04-16 View