Lucene search

GitHub Advisory DatabaseGHSA-R3QR-VWVG-43F7

HistoryNov 30, 2022 - 9:22 p.m.

Authenticated OpenRedirect Vulnerability

2022-11-3021:22:23

CWE-601

GitHub Advisory Database

github.com

opencast

authentication

openredirect

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

26.2%

JSON

Description
Prior to Opencast 12.5 Opencast’s Paella authentication page could be used to redirect to an arbitrary URL for authenticated users.

Impact
The vulnerability allows attackers to redirect users to sites outside of your Opencast install, potentially facilitating phishing attacks or other security issues.

Patches
This issue is fixed in Opencast 12.5 and newer

References
Patch fixing the issue

If you have any questions or comments about this advisory:
Open an issue in our issue tracker
Email us at [email protected]

Affected configurations

Vulners

Node

org.opencastprojectopencast-commonRange<12.5

VendorProductVersionCPE
org.opencastprojectopencast-common*cpe:2.3:a:org.opencastproject:opencast-common:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.opencastproject	opencast-common	*	cpe:2.3:a:org.opencastproject:opencast-common::::::::

References

github.com/advisories/GHSA-r3qr-vwvg-43f7

github.com/opencast/opencast/commit/d2ce2321590f86b066a67e8c231cf68219aea017

github.com/opencast/opencast/security/advisories/GHSA-r3qr-vwvg-43f7

nvd.nist.gov/vuln/detail/CVE-2022-41965

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

26.2%

JSON

Related for GHSA-R3QR-VWVG-43F7