Description
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.
Remediation
References
https://www.apereo.org/projects/opencast/news
https://github.com/advisories/GHSA-hcxx-mp6g-6gr9
https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51
https://docs.opencast.org/r/10.x/admin/#changelog