CVE-2022-41965
Last modified
CVE-2022-41965 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to sites outside of one's Opencast install, potentially facilitating phishing attacks or other security issues. This issue is fixed in Opencast 12.5 and newer.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apereo | Opencast | < 12.5 |
References
- https://github.com/opencast/opencast/commit/d2ce2321590f86b066a67e8c231cf68219aea017Patch, Third Party Advisory
- https://github.com/opencast/opencast/security/advisories/GHSA-r3qr-vwvg-43f7Third Party Advisory
- https://github.com/opencast/opencast/commit/d2ce2321590f86b066a67e8c231cf68219aea017Patch, Third Party Advisory
- https://github.com/opencast/opencast/security/advisories/GHSA-r3qr-vwvg-43f7Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-41965?
How severe is CVE-2022-41965?
How do I fix CVE-2022-41965?
Are you affected by CVE-2022-41965?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST