| Summary: | <www-apps/redmine-2.4.5: Unspecified Open Redirection Weakness (CVE-2014-1985) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | matsuu, pva |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/57524/ | | |
| Whiteboard: | ~4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-04-07 15:59:22 UTC
redmine-2.4.5.ebuild was added to the tree. Old and vulnerable versions dropped.

CVE-2014-1985 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1985): Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).

(In reply to Peter Volkov from comment #1)
> redmine-2.4.5.ebuild was added to the tree. Old and vulnerable versions
> dropped.

Thank you, Peter. Closing noglsa for ~arch only.