High severity7.4NVD Advisory· Published Apr 12, 2016· Updated Jun 17, 2026
CVE-2015-8474
CVE-2015-8474
Description
Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*range: <=2.6.6
- cpe:2.3:a:redmine:redmine:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*
- (no CPE)range: <=2.6.6 | >=3.0.0 <3.0.5 | >=3.1.0 <3.1.1
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.