CVE-2018-16153
HIGHApereo Opencast 4.0-10.5 - Insufficiently Protected Credentials via External Service Authentication
Title source: llmDescription
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.
References (4)
Core 4
Core References
Release Notes
https://docs.opencast.org/r/10.x/admin/#changelog
Third Party Advisory
https://github.com/advisories/GHSA-hcxx-mp6g-6gr9
Release Notes
https://www.apereo.org/projects/opencast/news
Scores
CVSS v3
7.5
EPSS
0.0083
EPSS Percentile
52.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-522
Status
published
Products (2)
apereo/opencast
4.0 - 10.6
org.opencastproject/opencast-common
0 - 10.6Maven
Published
Dec 12, 2023
Tracked Since
Feb 18, 2026