Lucene search

Japan Vulnerability NotesJVN:93004610

HistoryApr 16, 2014 - 12:00 a.m.

JVN#93004610: Redmine vulnerable to open redirect

2014-04-1600:00:00

Japan Vulnerability Notes

jvn.jp

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

76.1%

JSON

Redmine is a project management software. Redmine contains an open redirect vulnerability due to insufficient checking of the URL parameter.

Impact

A user who logs into Redmine may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.

Solution

Update the software
Update to the latest version according to the infomration provided by the developer.

Products Affected

Redmine versions prior to 2.5.1
Redmine versions prior to 2.4.5

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for JVN:93004610

freebsd1 prion2 cve2 ubuntucve2 nvd2 debiancve2 cvelist2 nessus1