CVE-2018-16153

CVSS 7.5 HIGHEPSS 0.8%CWE-522

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

12 Dec 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.opencast.org/r/10.x/admin/#changelog https://github.com/advisories/GHSA-hcxx-mp6g-6gr9 https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51 https://www.apereo.org/projects/opencast/news