CVE-2020-5206 in Opencast情報

要約

〜によって MITRE

In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication. This problem is fixed in Opencast 7.6 and Opencast 8.1

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

GitHub, Inc.

予約する

2020年01月02日

モデレーション

承諾済み

エントリ

VDB-149576

CPE

準備完了

CWE

CWE-285 (確認済み)

CVSS

8.7 (NVD)

EPSS

0.00296

KEV

いいえ

アクティビティ

非常低い

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-5206
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5206
CVE Details	https://www.cvedetails.com/cve/CVE-2020-5206/

◂ 前概要次 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!