CVE-2022-41965

Type:

URL Redirection to Untrusted Site ('Open Redirect')

Severity:

None

Publication date:

11/28/2022

Last modified:

12/01/2022

Description

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to sites outside of one's Opencast install, potentially facilitating phishing attacks or other security issues. This issue is fixed in Opencast 12.5 and newer.

Impact

Access Vector: Unavailable

Access Complexity: Unavailable

Authentication: Unavailable

Impact Type: Unavailable

Vulnerable software and versions

cpe:2.3:a:apereo:opencast:*:*:*:*:*:*:*:*

To consult the complete list of products and versions see this page

References to Advisories, Solutions, and Tools

https://github.com/opencast/opencast/security/advisories/GHSA-r3qr-vwvg-43f7 (Source: CONFIRM)
https://github.com/opencast/opencast/commit/d2ce2321590f86b066a67e8c231cf68219aea017 (Source: MISC)

Explanation of fields

Corporate access

CVE-2022-41965