GHSA-r3qr-vwvg-43f7: Authenticated OpenRedirect Vulnerability

1. GitHub Advisory Database
2. GitHub Reviewed
3. CVE-2022-41965

Authenticated OpenRedirect Vulnerability

Moderate severity GitHub Reviewed Published Nov 30, 2022 in opencast/opencast • Updated Nov 30, 2022

Vulnerability details Dependabot alerts 0

Package

maven org.opencastproject:opencast-common (Maven)

Affected versions

< 12.5

Patched versions

12.5

Description

Description
Prior to Opencast 12.5 Opencast’s Paella authentication page could be used to redirect to an arbitrary URL for authenticated users.

Impact
The vulnerability allows attackers to redirect users to sites outside of your Opencast install, potentially facilitating phishing attacks or other security issues.

Patches
This issue is fixed in Opencast 12.5 and newer

References
Patch fixing the issue

If you have any questions or comments about this advisory:
Open an issue in our issue tracker
Email us at [email protected]

References

• GHSA-r3qr-vwvg-43f7
• https://nvd.nist.gov/vuln/detail/CVE-2022-41965
• opencast/opencast@d2ce232

gregorydlogan published the maintainer security advisory

Nov 28, 2022

Severity

Moderate

Weaknesses

CWE-601

CVE ID

CVE-2022-41965

GHSA ID

GHSA-r3qr-vwvg-43f7

Source code

opencast/opencast

Credits

• geichelberger

Checking history

See something to contribute? Suggest improvements for this vulnerability.