Lucene search

K
cve[email protected]CVE-2014-1985
HistoryApr 11, 2014 - 2:55 p.m.

CVE-2014-1985

2014-04-1114:55:05
CWE-20
web.nvd.nist.gov
30
cve-2014-1985
open redirect
redmine
vulnerability
phishing
nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.1 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).

Affected configurations

NVD
Node
redmineredmineRange2.4.4
OR
redmineredmineMatch2.4.0
OR
redmineredmineMatch2.4.1
OR
redmineredmineMatch2.4.2
OR
redmineredmineMatch2.4.3
OR
redmineredmineMatch2.5.0

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.1 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%