Lucene search

K
jvnJapan Vulnerability NotesJVN:93004610
HistoryApr 16, 2014 - 12:00 a.m.

JVN#93004610: Redmine vulnerable to open redirect

2014-04-1600:00:00
Japan Vulnerability Notes
jvn.jp
8

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS

0.005

Percentile

76.0%

Redmine is a project management software. Redmine contains an open redirect vulnerability due to insufficient checking of the URL parameter.

Impact

A user who logs into Redmine may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.

Solution

Update the software
Update to the latest version according to the infomration provided by the developer.

Products Affected

  • Redmine versions prior to 2.5.1
  • Redmine versions prior to 2.4.5

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS

0.005

Percentile

76.0%