Vulnerability Description
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apereo | Opencast | >= 4.0, < 10.6 |
Related Weaknesses (CWE)
References
- https://docs.opencast.org/r/10.x/admin/#changelog (Release Notes)
- https://github.com/advisories/GHSA-hcxx-mp6g-6gr9 (Third Party Advisory)
- https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f7762 (Patch)
- https://www.apereo.org/projects/opencast/news (Release Notes)
FAQ
What is CVE-2018-16153?
CVE-2018-16153 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.
How severe is CVE-2018-16153?
CVE-2018-16153 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-16153?
Check the references section above for vendor advisories and patch information. Affected products include: Apereo Opencast.