CVE-2018-16153

high

Description

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.

References

https://www.apereo.org/projects/opencast/news

https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51

https://github.com/advisories/GHSA-hcxx-mp6g-6gr9

https://docs.opencast.org/r/10.x/admin/#changelog

Details

Source: Mitre, NVD

Published: 2023-12-12

Updated: 2025-05-27

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N