Lucene search

[email protected]NVD:CVE-2014-1985

HistoryApr 11, 2014 - 2:55 p.m.

CVE-2014-1985

2014-04-1114:55:05

CWE-20

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.1%

JSON

Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).

Affected configurations

NVD

Node

redmineredmineRange≤2.4.4

redmineredmineMatch2.4.0

redmineredmineMatch2.4.1

redmineredmineMatch2.4.2

redmineredmineMatch2.4.3

redmineredmineMatch2.5.0

References

jvn.jp/en/jp/JVN93004610/index.html

jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html

seclists.org/oss-sec/2014/q2/84

secunia.com/advisories/57524

www.redmine.org/projects/redmine/wiki/Changelog

www.redmine.org/projects/redmine/wiki/Changelog_2_4

www.redmine.org/projects/redmine/wiki/Security_Advisories

www.securityfocus.com/bid/66674

github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for NVD:CVE-2014-1985

freebsd1 prion2 jvn1 cve2 ubuntucve2 nessus1 debiancve2 cvelist2 nvd1