CVE-2022-41965: Opencast Authenticated OpenRedirect Vulnerability
First published: Mon Nov 28 2022(Updated: )
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to sites outside of one's Opencast install, potentially facilitating phishing attacks or other security issues. This issue is fixed in Opencast 12.5 and newer.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apereo Opencast | <12.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-41965?
CVE-2022-41965 is a vulnerability in Opencast, an open-source platform for managing educational audio and video content.
What is the severity of CVE-2022-41965?
CVE-2022-41965 has a severity rating of medium.
How does CVE-2022-41965 affect Opencast?
CVE-2022-41965 affects Opencast versions before 12.5.
How can an attacker exploit CVE-2022-41965?
An attacker can exploit CVE-2022-41965 by redirecting users to a malicious website through Opencast's Paella authentication page.
Is there a fix for CVE-2022-41965?
Yes, the vulnerability has been fixed in Opencast version 12.5.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- vendor/apereo
- canonical/apereo opencast