CVE-2018-16153

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-16153

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16153.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-16153

Aliases

GHSA-hcxx-mp6g-6gr9

Related

GHSA-hcxx-mp6g-6gr9

Published

2023-12-12T17:15:07.517Z

Modified

2026-04-11T18:44:14.995523Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.

References

Affected packages

Git / github.com/opencast/opencast

Affected ranges

Type

GIT

Repo

https://github.com/opencast/opencast

Events

Introduced

77e712ad3fbdc390edeeccfb170b02d28247723e

Fixed

5178b6bdabd5e63d727bbf10fca8dc0dfbdebb35

Fixed

776d5588f39c61eb04c03bb955416c4f77629d51

Database specific

{
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:apereo:opencast:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.0"
        },
        {
            "fixed": "10.6"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16153.json"