Skip to content

Authenticated OpenRedirect Vulnerability

Moderate
gregorydlogan published GHSA-r3qr-vwvg-43f7 Nov 28, 2022

Package

maven opencast (Maven)

Affected versions

< 12.5

Patched versions

12.5

Description

Description
Prior to Opencast 12.5 Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users.

Impact
The vulnerability allows attackers to redirect users to sites outside of your Opencast install, potentially facilitating phishing attacks or other security issues.

Patches
This issue is fixed in Opencast 12.5 and newer

References
Patch fixing the issue

If you have any questions or comments about this advisory:
Open an issue in our issue tracker
Email us at security@opencast.org

Severity

Moderate

CVE ID

CVE-2022-41965

Weaknesses

Credits