CVE-2018-16153

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-16153

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16153.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-16153

Aliases

GHSA-hcxx-mp6g-6gr9

Published

2023-12-12T17:15:07Z

Modified

2024-10-12T03:14:52.593080Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.

References

Affected packages

Git / github.com/opencast/opencast

Affected ranges

Type: GIT
Repo: https://github.com/opencast/opencast
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

776d5588f39c61eb04c03bb955416c4f77629d51

Affected versions

1.*

1.4.0

1.4.1

1.4.2

1.4.2-rc2

1.4.3

1.4.4

1.4.4-rc1

1.5.0

1.5.0-rc1

1.5.0-rc2

1.5.0-rc3

1.5.0-rc4

1.5.0-rc5

1.5.0-rc6

1.5.0-rc7

1.5.1

1.6.0

1.6.0-RC1

1.6.0-beta1

1.6.0-beta2

1.6.0-beta3

1.6.0-beta4

1.6.1-RC1

2.*

2.0.0-beta1

2.0.0-beta2