CVE-2020-5206 in Opencast정보

요약

\~에 의해 MITRE

In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication. This problem is fixed in Opencast 7.6 and Opencast 8.1

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

GitHub, Inc.

예약하다

2020. 01. 02.

모더레이션

수락

항목

VDB-149576

CPE

준비됨

CWE

CWE-285 (확인됨)

CVSS

8.7 (NVD)

EPSS

0.00296

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-5206
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5206
CVE Details	https://www.cvedetails.com/cve/CVE-2020-5206/

◂ 이전 개요 다음 ▸

Do you know our Splunk app?

Download it now for free!