Lucene search

K
nvd[email protected]NVD:CVE-2015-8474
HistoryApr 12, 2016 - 2:59 p.m.

CVE-2015-8474

2016-04-1214:59:05
web.nvd.nist.gov
1

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

AI Score

7.2

Confidence

High

EPSS

0.005

Percentile

76.0%

Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by “@attacker.com,” a different vulnerability than CVE-2014-1985.

Affected configurations

NVD
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
Node
redmineredmineRange2.6.6
OR
redmineredmineMatch2.5.1
OR
redmineredmineMatch3.0.0
OR
redmineredmineMatch3.0.1
OR
redmineredmineMatch3.0.2
OR
redmineredmineMatch3.0.3
OR
redmineredmineMatch3.0.4
OR
redmineredmineMatch3.1.0

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

AI Score

7.2

Confidence

High

EPSS

0.005

Percentile

76.0%