Vulnerability DatabaseCVE-2014-1985
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2014-1985
Published:April 11, 2014
Updated:May 17, 2026
Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).
Related Resources (10)
https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3
http://secunia.com/advisories/57524
http://www.redmine.org/projects/redmine/wiki/Changelog
http://www.securityfocus.com/bid/66674
https://security-tracker.debian.org/tracker/CVE-2014-1985
http://jvn.jp/en/jp/JVN93004610/index.html
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html
http://www.redmine.org/projects/redmine/wiki/Changelog_2_4
http://www.redmine.org/projects/redmine/wiki/Security_Advisories
http://seclists.org/oss-sec/2014/q2/84
Do you need more information?
Contact Us
CVSS v3
Base Score:
4.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE
CVSS v2
Base Score:
5.8
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
Weakness Type (CWE)
Improper Input Validation
CWE-20
EPSS
Base Score:
1.82