Description
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.
Remediation
References
https://docs.opencast.org/r/10.x/admin/#changelog
https://github.com/advisories/GHSA-hcxx-mp6g-6gr9
https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51
https://www.apereo.org/projects/opencast/news
Related Vulnerabilities
CVE-2019-14862 Vulnerability in npm package knockout
CVE-2019-0205 Vulnerability in maven package org.webjars.bower:thrift
CVE-2019-10802 Vulnerability in npm package giting
CVE-2021-32859 Vulnerability in maven package org.webjars.npm:github-com-baremetrics-calendar
CVE-2020-8215 Vulnerability in maven package org.webjars.npm:canvas