Description

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.

Remediation

References

https://docs.opencast.org/r/10.x/admin/#changelog

https://github.com/advisories/GHSA-hcxx-mp6g-6gr9

https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51

https://www.apereo.org/projects/opencast/news

Related Vulnerabilities

CVE-2020-7656 Vulnerability in maven package org.fujion.webjars:jquery

CVE-2023-30513 Vulnerability in maven package org.csanchez.jenkins.plugins:kubernetes

CVE-2019-10754 Vulnerability in maven package org.apereo.cas:cas-server-support-oauth-core-api

CVE-2020-28460 Vulnerability in npm package multi-ini

CVE-2019-16563 Vulnerability in maven package tech.andrey.jenkins:mission-control-view

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Release Notes Third Party Advisory Patch