Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Redmine 开放重定向漏洞
Vulnerability Description
Redmine是一套开源的基于Web的项目管理和缺陷跟踪工具。该工具提供项目管理、问题跟踪和基于角色的访问控制等功能。 Redmine 2.4.4及之前版本和2.5.0版本的app/controllers/application_controller.rb文件中的‘redirect_back_or_default’函数存在开放重定向漏洞。远程攻击者可借助back_url参数中的URL利用该漏洞重定向用户到任意网站,进而实施钓鱼攻击。
CVSS Information
N/A
Vulnerability Type
N/A