CVE-2022-41965
MEDIUM
Opencast < 12.5 - Authenticated Open Redirect via Paella Authentication Page
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to sites outside of one's Opencast install, potentially facilitating phishing attacks or other security issues. This issue is fixed in Opencast 12.5 and newer.
References (2)
Core References
Patch, Third Party Advisory
https://github.com/opencast/opencast/commit/d2ce2321590f86b066a67e8c231cf68219aea017
Third Party Advisory
https://github.com/opencast/opencast/security/advisories/GHSA-r3qr-vwvg-43f7
Scores
CVSS v3
5.7
EPSS
0.0035
EPSS Percentile
26.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (2)
apereo/opencast
< 12.5
org.opencastproject/opencast-common
0 - 12.5 (Maven)
Published
Nov 28, 2022
Tracked Since
Feb 18, 2026