3 matches found
CVE-2020-36247
Open OnDemand is affected by a CSRF vulnerability affecting versions prior to 1.5.7 and 1.6.x prior to 1.6.22. The issue is described as a CSRF exposure, with CVSS metrics indicating a network attack vector and potential high impact on confidentiality, integrity, and availability (per the 3.1 met...
CVE-2026-26002
CVE-2026-26002 affects the Open OnDemand Files application. Versions prior to 4.0.9 and 4.1.3 are susceptible to malicious input when navigating to a directory. This issue has been patched in 4.0.9 and 4.1.3; versions below these remain vulnerable. Remediation: upgrade to 4.0.9 or 4.1.3 or later ...
CVE-2025-66029
Open OnDemand (prior to 4.1) is affected: the Apache proxy in 4.0.8 and earlier may pass sensitive headers to origin servers, enabling an attacker to set up an origin server on a compute node that records headers when users connect. A fix is expected in the 4.1 release; for 4.0.x workarounds exis...