Lucene search

GoogleOSV:CVE-2018-16153

HistoryDec 12, 2023 - 5:15 p.m.

CVE-2018-16153

2023-12-1217:15:07

Google

osv.dev

apereo opencast

system credentials

external services

authentication

cve-2018-16153

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.0%

JSON

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.

CPENameOperatorVersion
opencasteq1.5.0-rc2
opencasteq1.4.4-rc1
opencasteq1.6.0-beta2
opencasteq1.5.0-rc5
opencasteq1.5.0-rc6
opencasteq1.5.0-rc1
opencasteq1.6.0-RC1
opencasteq1.6.1-RC1
opencasteq1.6.0
opencasteq1.4.3

Name	Operator	Version
opencast	eq	1.5.0-rc2
opencast	eq	1.4.4-rc1
opencast	eq	1.6.0-beta2
opencast	eq	1.5.0-rc5
opencast	eq	1.5.0-rc6
opencast	eq	1.5.0-rc1
opencast	eq	1.6.0-RC1
opencast	eq	1.6.1-RC1
opencast	eq	1.6.0
opencast	eq	1.4.3

Rows per page:

1-10 of 251

References

docs.opencast.org/r/10.x/admin/#changelog

github.com/advisories/GHSA-hcxx-mp6g-6gr9

github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51

www.apereo.org/projects/opencast/news

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.0%

JSON

Related for OSV:CVE-2018-16153