Candidate: CVE-2014-1985
PublicDate: 2014-04-11 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1985
 http://www.openwall.com/lists/oss-security/2014/04/10/11
 http://www.redmine.org/projects/redmine/wiki/Security_Advisories
Description:
 Open redirect vulnerability in the redirect_back_or_default function in
 app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x
 before 2.5.1 allows remote attackers to redirect users to arbitrary web
 sites and conduct phishing attacks via a URL in the back url (back_url
 parameter).
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_redmine:
 upstream: https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3
upstream_redmine: released (2.4.5,2.5.1)
lucid_redmine: ignored (reached end-of-life)
precise_redmine: ignored (reached end-of-life)
precise/esm_redmine: DNE (precise was needed)
quantal_redmine: ignored (reached end-of-life)
saucy_redmine: ignored (reached end-of-life)
trusty_redmine: ignored (reached end-of-life)
trusty/esm_redmine: DNE (trusty was needed)
utopic_redmine: ignored (reached end-of-life)
vivid_redmine: ignored (reached end-of-life)
vivid/stable-phone-overlay_redmine: DNE
vivid/ubuntu-core_redmine: DNE
wily_redmine: ignored (reached end-of-life)
xenial_redmine: not-affected (2.5.1-2)
yakkety_redmine: ignored (reached end-of-life)
zesty_redmine: ignored (reached end-of-life)
artful_redmine: not-affected (2.5.1-2)
bionic_redmine: not-affected (2.5.1-2)
cosmic_redmine: not-affected (2.5.1-2)
disco_redmine: not-affected (2.5.1-2)
devel_redmine: not-affected (2.5.1-2)