3 matches found
CVE-2015-8474
Open redirect vulnerability in the validbackurl function in app/controllers/applicationcontroller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted backurl parameter, a...
CVE-2015-8474
CVE-2015-8474 is an open redirect vulnerability in Redmine's valid_back_url function (app/controllers/application_controller.rb). The issue affects Redmine releases prior to: 2.6.7, 3.0.x prior to 3.0.5, and 3.1.x prior to 3.1.1. An attacker can craft a back_url parameter to redirect victims to a...
[SECURITY] [DSA 3529-1] redmine security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3529-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 23, 2016 https://www.debian.org/security/faq -...