VYPR
High severity7.4NVD Advisory· Published Apr 12, 2016· Updated Jun 17, 2026

CVE-2015-8474

CVE-2015-8474

Description

Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • Redmine/Redmine9 versions
    cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*range: <=2.6.6
    • cpe:2.3:a:redmine:redmine:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:redmine:redmine:3.1.0:*:*:*:*:*:*:*
    • (no CPE)range: <=2.6.6 | >=3.0.0 <3.0.5 | >=3.1.0 <3.1.1
  • Debian/linux2 versions
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.