Predictable Random Number Generator (PRNG)

org.sakaiproject.kernel, sakai-kernel-impl is vulnerable to Use of a Predictable Random Number Generator PRNG. The vulnerability is due to the use of java.util.Random, a non-cryptographic PRNG, for initializing the AES256TextEncryptor password, which allows an attacker to predict the encryption k...

org.sakaiproject.kernel:sakai-kernel-component (>=1.3.0 <=10.7) potentially affected by CVE-2025-62710 via org.sakaiproject.kernel:sakai-kernel-impl (>=10.3 <=1.3.3)

org.sakaiproject.kernel:sakai-kernel-impl MAVEN version =10.3, =1.3.0, =10.7 Source cves: CVE-2025-62710 Source advisory: SNYK:JAVA-ORGSAKAIPROJECTKERNEL-13669871...

org.sakaiproject.kernel:sakai-kernel-component (>=1.3.0 <=10.7) potentially affected by CVE-2025-62710 via org.sakaiproject.kernel:sakai-kernel-impl (>=10.3 <=1.3.3)

org.sakaiproject.kernel:sakai-kernel-impl MAVEN version =10.3, =1.3.0, =10.7 Source cves: CVE-2025-62710 Source advisory: OSV:GHSA-GR7H-XW4F-WH86...

EUVD-2025-35623

Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl...

SAK-50571 Sakai Kernel users created with type roleview can login as a normal user

Impact Illegal access can be granted to the system. References see https://sakaiproject.atlassian.net/browse/SAK-50571...

GHSA-CX95-Q6GX-W4QP SAK-50571 Sakai Kernel users created with type roleview can login as a normal user

Impact Illegal access can be granted to the system. References see https://sakaiproject.atlassian.net/browse/SAK-50571...