CVE-2017-14143

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-14143
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14143.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-14143
Published
2017-09-19T15:29:01Z
Modified
2025-01-08T10:24:29.825461Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.

Affected packages

Git / github.com/kaltura/server

Affected ranges

Type
GIT
Repo
https://github.com/kaltura/server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

IX-9.*

IX-9.0.0-rel
IX-9.11.0-rel
IX-9.12.0-rel
IX-9.13.0-rel
IX-9.14.0-rel
IX-9.15.0-rel
IX-9.16.0-rel
IX-9.17.0-rel
IX-9.18.0-rel
IX-9.19.0-part2-rel
IX-9.19.0-rel
IX-9.19.1-rel
IX-9.19.2-rel
IX-9.19.3-rel
IX-9.19.4-rel
IX-9.19.5-rel
IX-9.19.6-rel
IX-9.19.7-rel
IX-9.19.8-rel
IX-9.3.0-rel
IX-9.5.0-rel
IX-9.6.0-rel
IX-9.8.0-rel
IX-9.9.0-rel

Jupiter-10.*

Jupiter-10.0.0-rel
Jupiter-10.1.0-rel
Jupiter-10.10.0-rel
Jupiter-10.11.0-rel
Jupiter-10.12.0-rel
Jupiter-10.13.0-rel
Jupiter-10.14.0-rel
Jupiter-10.15.0-rel
Jupiter-10.16.0-rel
Jupiter-10.17.0-rel
Jupiter-10.18.0-rel
Jupiter-10.19.0-rel
Jupiter-10.2.0-rel
Jupiter-10.20.0-rel
Jupiter-10.21.0-rel
Jupiter-10.3.0-rel
Jupiter-10.4.0-rel
Jupiter-10.5.0-rel
Jupiter-10.6.0-rel
Jupiter-10.7.0-rel
Jupiter-10.8.0-rel
Jupiter-10.9.0-rel

Kajam-11.*

Kajam-11.0.0-rel
Kajam-11.10.0-rel
Kajam-11.11.0-rel
Kajam-11.12.0-rel
Kajam-11.13.0-rel
Kajam-11.14.0-rel
Kajam-11.15.0-rel
Kajam-11.16.0-rel
Kajam-11.17.0-rel
Kajam-11.18.0-rel
Kajam-11.19.0-rel
Kajam-11.2.0-rel
Kajam-11.20.0-rel
Kajam-11.21.0-rel
Kajam-11.3.0-rel
Kajam-11.4.0-rel
Kajam-11.5.0-rel
Kajam-11.6.0-rel
Kajam-11.7.0-rel
Kajam-11.8.0-rel
Kajam-11.9.0-rel

Lynx-12.*

Lynx-12.0.0-rel
Lynx-12.1.0-rel
Lynx-12.10.0-rel
Lynx-12.11.0-rel
Lynx-12.12.0-rel
Lynx-12.13.0-rel
Lynx-12.14.0-rel
Lynx-12.15.0-rel
Lynx-12.16.0-rel
Lynx-12.17.0-rel
Lynx-12.18.0-rel
Lynx-12.19.0-rel
Lynx-12.2.0-rel
Lynx-12.20.0-rel
Lynx-12.3.0-rel
Lynx-12.4.0-rel
Lynx-12.5.0-rel
Lynx-12.6.0-rel
Lynx-12.7.0-rel
Lynx-12.8.0-rel
Lynx-12.9.0-rel

Mercury-13.*

Mercury-13.0.0-rel
Mercury-13.1.0-rel

kajam-11.*

kajam-11.1.0-rel