Description
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.
Remediation
References
https://docs.opencast.org/r/10.x/admin/#changelog
https://github.com/advisories/GHSA-hcxx-mp6g-6gr9
https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51
https://www.apereo.org/projects/opencast/news
Related Vulnerabilities
CVE-2020-17532 Vulnerability in maven package org.apache.servicecomb:foundation-config
CVE-2019-10411 Vulnerability in maven package com.inedo.buildmaster:inedo-buildmaster
CVE-2022-31172 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable
CVE-2018-8034 Vulnerability in maven package org.apache.tomcat:tomcat-websocket