Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-8474

Опубликовано: 12 апр. 2016
Источник: ubuntu
Приоритет: medium
CVSS2: 5.8
CVSS3: 7.4

Описание

Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985.

РелизСтатусПримечание
artful

not-affected

3.2.0-1
bionic

not-affected

3.2.0-1
cosmic

not-affected

3.2.0-1
devel

not-affected

3.2.0-1
disco

not-affected

3.2.0-1
esm-apps/bionic

not-affected

3.2.0-1
esm-apps/xenial

not-affected

3.2.0-1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was needed]
precise

ignored

end of life
precise/esm

DNE

precise was needed

Показывать по

Ссылки на источники

5.8 Medium

CVSS2

7.4 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2015-8474

CVSS3: 7.4
nvd
почти 10 лет назад

Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985.

debian логотип

CVE-2015-8474

CVSS3: 7.4
debian
почти 10 лет назад

Open redirect vulnerability in the valid_back_url function in app/cont ...

github логотип

GHSA-jf8c-hh25-c3q7

CVSS3: 7.4
github
больше 3 лет назад

Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985.

5.8 Medium

CVSS2

7.4 High

CVSS3