CVE-2018-16153

Опубликовано: 12 дек. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.

Ссылки

https://docs.opencast.org/r/10.x/admin/#changelog
Release Notes
https://github.com/advisories/GHSA-hcxx-mp6g-6gr9
Third Party Advisory
https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51
Patch
https://www.apereo.org/projects/opencast/news
Release Notes
https://docs.opencast.org/r/10.x/admin/#changelog
Release Notes
https://github.com/advisories/GHSA-hcxx-mp6g-6gr9
Third Party Advisory
https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51
Patch
https://www.apereo.org/projects/opencast/news
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apereo:opencast:*:*:*:*:*:*:*:*

Версия от 4.0 (включая) до 10.6 (исключая)

EPSS

Процентиль: 45%

0.00227

Низкий

7.5 High

CVSS3

Дефекты

CWE-522

Связанные уязвимости

GHSA-hcxx-mp6g-6gr9