Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
99 vulnerabilities by apereo
CERTFR-2026-AVI-0780
Vulnerability from certfr_avis - Published: 2026-06-19 - Updated: 2026-06-19
Une vulnérabilité a été découverte dans Apereo CAS. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apereo CAS versions 7.3.x ant\u00e9rieures \u00e0 7.3.7.3",
"product": {
"name": "CAS",
"vendor": {
"name": "Apereo",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2026-06-19T00:00:00",
"last_revision_date": "2026-06-19T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0780",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Apereo CAS. Elle permet \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Vuln\u00e9rabilit\u00e9 dans Apereo CAS",
"vendor_advisories": [
{
"published_at": "2026-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 Apereo vuln",
"url": "https://apereo.github.io/2026/06/18/vuln/"
}
]
}
CERTFR-2026-AVI-0706
Vulnerability from certfr_avis - Published: 2026-06-09 - Updated: 2026-06-09
De multiples vulnérabilités ont été découvertes dans Apereo CAS. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CAS versions 7.3.x ant\u00e9rieures \u00e0 7.3.7.2 ",
"product": {
"name": "CAS",
"vendor": {
"name": "Apereo",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2026-06-09T00:00:00",
"last_revision_date": "2026-06-09T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0706",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apereo CAS. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apereo CAS",
"vendor_advisories": [
{
"published_at": "2026-06-06",
"title": "Bulletin de s\u00e9curit\u00e9 Apereo vuln",
"url": "https://apereo.github.io/2026/06/06/vuln/"
}
]
}
CERTFR-2026-AVI-0654
Vulnerability from certfr_avis - Published: 2026-05-28 - Updated: 2026-05-28
Une vulnérabilité a été découverte dans Apereo CAS. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CAS versions ant\u00e9rieures \u00e0 7.3.7.1",
"product": {
"name": "CAS",
"vendor": {
"name": "Apereo",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2026-05-28T00:00:00",
"last_revision_date": "2026-05-28T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0654",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Apereo CAS. Elle permet \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Vuln\u00e9rabilit\u00e9 dans Apereo CAS",
"vendor_advisories": [
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 Apereo oidc-vuln",
"url": "https://apereo.github.io/2026/05/27/oidc-vuln/"
}
]
}
CERTFR-2026-AVI-0625
Vulnerability from certfr_avis - Published: 2026-05-21 - Updated: 2026-05-21
De multiples vulnérabilités ont été découvertes dans les produits Apereo. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Java CAS client versions ant\u00e9rieures \u00e0 4.1.1",
"product": {
"name": "CAS",
"vendor": {
"name": "Apereo",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2026-05-21T00:00:00",
"last_revision_date": "2026-05-21T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0625",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apereo. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apereo",
"vendor_advisories": [
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Apereo casc-jwt-vuln",
"url": "https://apereo.github.io/2026/05/20/casc-jwt-vuln/"
}
]
}
CERTFR-2026-AVI-0250
Vulnerability from certfr_avis - Published: 2026-03-09 - Updated: 2026-03-09
Une vulnérabilité a été découverte dans Apereo CAS. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apereo CAS versions 7.2.x ant\u00e9rieures \u00e0 7.2.7.1",
"product": {
"name": "CAS",
"vendor": {
"name": "Apereo",
"scada": false
}
}
},
{
"description": "Apereo CAS versions 7.3.x ant\u00e9rieures \u00e0 7.3.5",
"product": {
"name": "CAS",
"vendor": {
"name": "Apereo",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2026-03-09T00:00:00",
"last_revision_date": "2026-03-09T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0250",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Apereo CAS. Elle permet \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Vuln\u00e9rabilit\u00e9 dans Apereo CAS",
"vendor_advisories": [
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 Apereo jwt-vuln",
"url": "https://apereo.github.io/2026/03/06/jwt-vuln/"
}
]
}
CERTFR-2025-AVI-0829
Vulnerability from certfr_avis - Published: 2025-09-29 - Updated: 2025-09-29
Une vulnérabilité a été découverte dans Apereo CAS. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apereo CAS versions 7.2.x ant\u00e9rieures \u00e0 7.2.7 si configur\u00e9 pour servir de fournisseur d\u0027identit\u00e9 OAuth/OpenID",
"product": {
"name": "CAS",
"vendor": {
"name": "Apereo",
"scada": false
}
}
},
{
"description": "Apereo CAS versions 7.1.x ant\u00e9rieures \u00e0 7.1.6.2 si configur\u00e9 pour servir de fournisseur d\u0027identit\u00e9 OAuth/OpenID",
"product": {
"name": "CAS",
"vendor": {
"name": "Apereo",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2025-09-29T00:00:00",
"last_revision_date": "2025-09-29T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0829",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Apereo CAS. Elle permet \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Vuln\u00e9rabilit\u00e9 dans Apereo CAS",
"vendor_advisories": [
{
"published_at": "2025-09-25",
"title": "Bulletin de s\u00e9curit\u00e9 Apereo oauth-oidc-vuln",
"url": "https://apereo.github.io/2025/09/25/oauth-oidc-vuln/"
}
]
}
CERTFR-2025-AVI-0712
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Apereo CAS. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CAS versions 7.1.x ant\u00e9rieures \u00e0 7.1.6.1",
"product": {
"name": "CAS",
"vendor": {
"name": "Apereo",
"scada": false
}
}
},
{
"description": "CAS versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "CAS",
"vendor": {
"name": "Apereo",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"links": [],
"reference": "CERTFR-2025-AVI-0712",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Apereo CAS. Elle permet \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Vuln\u00e9rabilit\u00e9 dans Apereo CAS",
"vendor_advisories": [
{
"published_at": "2025-08-19",
"title": "Bulletin de s\u00e9curit\u00e9 Apereo simplemfa-vuln",
"url": "https://apereo.github.io/2025/08/19/simplemfa-vuln/"
}
]
}
CVE-2026-32985 (GCVE-0-2026-32985)
Vulnerability from nvd – Published: 2026-03-20 00:06 – Updated: 2026-03-20 17:37
VLAI
Title
Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution
Summary
Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary code by uploading a crafted ZIP archive containing malicious PHP payloads. Attackers can bypass authentication checks in the import.php file to upload a template archive with PHP code in the media directory, which gets extracted to a web-accessible path where the malicious PHP can be directly accessed and executed under the web server context.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://xot.xerte.org.uk/ | product |
| https://packetstorm.news/files/id/216288/ | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Xerte | Xerte Online Toolkits |
Affected:
0 , ≤ 3.14
(custom)
|
Date Public
2026-02-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32985",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T14:18:57.386429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T14:19:58.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Xerte Online Toolkits",
"vendor": "Xerte",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "indoushka"
}
],
"datePublic": "2026-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eXerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary code by uploading a crafted ZIP archive containing malicious PHP payloads. Attackers can bypass authentication checks in the import.php file to upload a template archive with PHP code in the media directory, which gets extracted to a web-accessible path where the malicious PHP can be directly accessed and executed under the web server context.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary code by uploading a crafted ZIP archive containing malicious PHP payloads. Attackers can bypass authentication checks in the import.php file to upload a template archive with PHP code in the media directory, which gets extracted to a web-accessible path where the malicious PHP can be directly accessed and executed under the web server context."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T17:37:59.034Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Xerte Online Toolkits - Vendor Homepage",
"tags": [
"product"
],
"url": "https://xot.xerte.org.uk/"
},
{
"name": "Packet Storm listing (Xerte Online Toolkits 3.14 Shell Upload)",
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/216288/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Xerte Online Toolkits \u003c= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-32985",
"datePublished": "2026-03-20T00:06:28.759Z",
"dateReserved": "2026-03-17T11:31:56.956Z",
"dateUpdated": "2026-03-20T17:37:59.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61906 (GCVE-0-2025-61906)
Vulnerability from nvd – Published: 2025-10-08 18:06 – Updated: 2025-10-08 18:24
VLAI
Title
Opencast's editor accidentally publishes videos/overwrites publications #1626
Summary
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for publishing, and thus possibly exposing internal media. This risk of this actually impacting someone is very low, though. This can only be triggered by users with write access to an event. They also have to use the editor, which is usually an action taken if they want to publish media and not something users would use on internal media they do not want to publish. Finally, they have to first click on "Save & Publish" before then selecting the "Save" option. Nevertheless, while very unlikely, this can happen. This issue is fixed in Opencast 17.8 and 18.2.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/opencast/opencast/security/adv… | x_refsource_CONFIRM |
| https://github.com/opencast/opencast-editor/issues/1626 | x_refsource_MISC |
| https://github.com/opencast/opencast-editor/commi… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61906",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T18:23:56.149714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T18:24:05.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opencast",
"vendor": "opencast",
"versions": [
{
"status": "affected",
"version": "\u003c 17.8"
},
{
"status": "affected",
"version": "\u003e= 18.0, \u003c 18.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast\u0027s editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for publishing, and thus possibly exposing internal media. This risk of this actually impacting someone is very low, though. This can only be triggered by users with write access to an event. They also have to use the editor, which is usually an action taken if they want to publish media and not something users would use on internal media they do not want to publish. Finally, they have to first click on \"Save \u0026 Publish\" before then selecting the \"Save\" option. Nevertheless, while very unlikely, this can happen. This issue is fixed in Opencast 17.8 and 18.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T18:06:58.178Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opencast/opencast/security/advisories/GHSA-x6vw-p693-jjhv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opencast/opencast/security/advisories/GHSA-x6vw-p693-jjhv"
},
{
"name": "https://github.com/opencast/opencast-editor/issues/1626",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast-editor/issues/1626"
},
{
"name": "https://github.com/opencast/opencast-editor/commit/98ba1934f08f623f1537a9675cc452d803766a91",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast-editor/commit/98ba1934f08f623f1537a9675cc452d803766a91"
}
],
"source": {
"advisory": "GHSA-x6vw-p693-jjhv",
"discovery": "UNKNOWN"
},
"title": "Opencast\u0027s editor accidentally publishes videos/overwrites publications #1626"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61906",
"datePublished": "2025-10-08T18:06:58.178Z",
"dateReserved": "2025-10-03T22:21:59.613Z",
"dateUpdated": "2025-10-08T18:24:05.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-61788 (GCVE-0-2025-61788)
Vulnerability from nvd – Published: 2025-10-08 18:03 – Updated: 2025-10-08 18:26
VLAI
Title
Opencast Paella Player 7 vulnerable to Cross-Site-Scripting
Summary
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs (metadata like title, description, etc.) unfiltered and unmodified. The vulnerability allows attackers to inject and malicious HTML and JavaScript in the player, which would then be executed in the browsers of users watching the prepared media. This can then be used to modify the site or to execute actions in the name of logged-in users. To inject malicious metadata, an attacker needs write access to the system. For example, the ability to upload media and modify metadata. This cannot be exploited by unauthenticated users. This issue is fixed in Opencast 17.8 and 18.2.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/opencast/opencast/security/adv… | x_refsource_CONFIRM |
| https://github.com/opencast/opencast/commit/28095… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T18:26:03.593427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T18:26:13.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opencast",
"vendor": "opencast",
"versions": [
{
"status": "affected",
"version": "\u003c 17.8"
},
{
"status": "affected",
"version": "\u003e= 18.0, \u003c 18.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs (metadata like title, description, etc.) unfiltered and unmodified. The vulnerability allows attackers to inject and malicious HTML and JavaScript in the player, which would then be executed in the browsers of users watching the prepared media. This can then be used to modify the site or to execute actions in the name of logged-in users. To inject malicious metadata, an attacker needs write access to the system. For example, the ability to upload media and modify metadata. This cannot be exploited by unauthenticated users. This issue is fixed in Opencast 17.8 and 18.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T18:03:22.518Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opencast/opencast/security/advisories/GHSA-m2vg-rmq6-p62r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opencast/opencast/security/advisories/GHSA-m2vg-rmq6-p62r"
},
{
"name": "https://github.com/opencast/opencast/commit/2809520fa88d108d8104c760f00c10bad42c14f9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/commit/2809520fa88d108d8104c760f00c10bad42c14f9"
}
],
"source": {
"advisory": "GHSA-m2vg-rmq6-p62r",
"discovery": "UNKNOWN"
},
"title": "Opencast Paella Player 7 vulnerable to Cross-Site-Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61788",
"datePublished": "2025-10-08T18:03:22.518Z",
"dateReserved": "2025-09-30T19:43:49.903Z",
"dateUpdated": "2025-10-08T18:26:13.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55202 (GCVE-0-2025-55202)
Vulnerability from nvd – Published: 2025-08-29 15:35 – Updated: 2025-08-29 16:00
VLAI
Title
Opencast has a partial path traversal vulnerability in UI config
Summary
Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the same path. This issue has been fixed in versions 17.7 and 18.1. To mitigate this issue, check for folders that start with the same path as the ui-config folder.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/opencast/opencast/security/adv… | x_refsource_CONFIRM |
| https://github.com/opencast/opencast/pull/6979 | x_refsource_MISC |
| https://github.com/opencast/opencast/commit/e2cc6… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T16:00:17.803985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T16:00:31.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opencast",
"vendor": "opencast",
"versions": [
{
"status": "affected",
"version": "\u003c 17.7"
},
{
"status": "affected",
"version": "= 18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the same path. This issue has been fixed in versions 17.7 and 18.1. To mitigate this issue, check for folders that start with the same path as the ui-config folder."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T15:35:35.338Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opencast/opencast/security/advisories/GHSA-hq8m-v68g-8cf8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opencast/opencast/security/advisories/GHSA-hq8m-v68g-8cf8"
},
{
"name": "https://github.com/opencast/opencast/pull/6979",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/pull/6979"
},
{
"name": "https://github.com/opencast/opencast/commit/e2cc65d6fbe052ebb71d9f6b583bb54b181af009",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/commit/e2cc65d6fbe052ebb71d9f6b583bb54b181af009"
}
],
"source": {
"advisory": "GHSA-hq8m-v68g-8cf8",
"discovery": "UNKNOWN"
},
"title": "Opencast has a partial path traversal vulnerability in UI config"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55202",
"datePublished": "2025-08-29T15:35:35.338Z",
"dateReserved": "2025-08-08T21:55:07.965Z",
"dateUpdated": "2025-08-29T16:00:31.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54380 (GCVE-0-2025-54380)
Vulnerability from nvd – Published: 2025-07-26 03:28 – Updated: 2025-07-28 19:00
VLAI
Title
Opencast still publishes global system account credentials
Summary
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly send the hashed global system account credentials (ie: org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass) when attempting to fetch mediapackage elements included in a mediapackage XML file. A previous CVE prevented many cases where the credentials were inappropriately sent, but not all. Anyone with ingest permissions could cause Opencast to send its hashed global system account credentials to a url of their choosing. This issue is fixed in Opencast 17.6.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/opencast/opencast/security/adv… | x_refsource_CONFIRM |
| https://github.com/opencast/opencast/security/adv… | x_refsource_MISC |
| https://github.com/opencast/opencast/commit/e8980… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T18:59:53.905632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T19:00:02.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opencast",
"vendor": "opencast",
"versions": [
{
"status": "affected",
"version": "\u003c 17.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly send the hashed global system account credentials (ie: org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass) when attempting to fetch mediapackage elements included in a mediapackage XML file. A previous CVE prevented many cases where the credentials were inappropriately sent, but not all. Anyone with ingest permissions could cause Opencast to send its hashed global system account credentials to a url of their choosing. This issue is fixed in Opencast 17.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-26T03:28:25.194Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opencast/opencast/security/advisories/GHSA-j63h-hmgw-x4j7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opencast/opencast/security/advisories/GHSA-j63h-hmgw-x4j7"
},
{
"name": "https://github.com/opencast/opencast/security/advisories/GHSA-hcxx-mp6g-6gr9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/security/advisories/GHSA-hcxx-mp6g-6gr9"
},
{
"name": "https://github.com/opencast/opencast/commit/e8980435342149375802648b9c9e696c9a5f0c9a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/commit/e8980435342149375802648b9c9e696c9a5f0c9a"
}
],
"source": {
"advisory": "GHSA-j63h-hmgw-x4j7",
"discovery": "UNKNOWN"
},
"title": "Opencast still publishes global system account credentials"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54380",
"datePublished": "2025-07-26T03:28:25.194Z",
"dateReserved": "2025-07-21T16:12:20.733Z",
"dateUpdated": "2025-07-28T19:00:02.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3986 (GCVE-0-2025-3986)
Vulnerability from nvd – Published: 2025-04-27 21:00 – Updated: 2025-04-28 17:38
VLAI
Title
Apereo CAS CasConfigurationMetadataServerController.java redos
Summary
A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The manipulation of the argument Name leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.306322 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.306322 | signaturepermissions-required |
| https://vuldb.com/?submit.557473 | third-party-advisory |
| https://wx.mail.qq.com/s?k=rk-m8GwRMVMcOjBY1a | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T17:34:50.472484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T17:38:45.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CAS",
"vendor": "Apereo",
"versions": [
{
"status": "affected",
"version": "5.2.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "caichaoxiong (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\\core\\cas-server-core-configuration-metadata-repository\\src\\main\\java\\org\\apereo\\cas\\metadata\\rest\\CasConfigurationMetadataServerController.java. The manipulation of the argument Name leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Apereo CAS 5.2.6 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei cas-5.2.6\\core\\cas-server-core-configuration-metadata-repository\\src\\main\\java\\org\\apereo\\cas\\metadata\\rest\\CasConfigurationMetadataServerController.java. Mittels dem Manipulieren des Arguments Name mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T21:00:07.694Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306322 | Apereo CAS CasConfigurationMetadataServerController.java redos",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.306322"
},
{
"name": "VDB-306322 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306322"
},
{
"name": "Submit #557473 | Apereo CAS v5.2.6 ReDos Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.557473"
},
{
"tags": [
"exploit"
],
"url": "https://wx.mail.qq.com/s?k=rk-m8GwRMVMcOjBY1a"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-26T10:12:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "Apereo CAS CasConfigurationMetadataServerController.java redos"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3986",
"datePublished": "2025-04-27T21:00:07.694Z",
"dateReserved": "2025-04-26T08:07:08.619Z",
"dateUpdated": "2025-04-28T17:38:45.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3985 (GCVE-0-2025-3985)
Vulnerability from nvd – Published: 2025-04-27 20:31 – Updated: 2025-04-28 18:09
VLAI
Title
Apereo CAS ResponseEntity redos
Summary
A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The manipulation of the argument Query leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.306321 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.306321 | signaturepermissions-required |
| https://vuldb.com/?submit.557110 | third-party-advisory |
| https://wx.mail.qq.com/s?k=lzDuxVkSRXUZ0bwZEG | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3985",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T18:02:23.445535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T18:09:01.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CAS",
"vendor": "Apereo",
"versions": [
{
"status": "affected",
"version": "5.2.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "caichaoxiong (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\\webapp-mgmt\\cas-management-webapp-support\\src\\main\\java\\org\\apereo\\cas\\mgmt\\services\\web\\ManageRegisteredServicesMultiActionController.java. The manipulation of the argument Query leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Apereo CAS 5.2.6 ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion ResponseEntity der Datei cas-5.2.6\\webapp-mgmt\\cas-management-webapp-support\\src\\main\\java\\org\\apereo\\cas\\mgmt\\services\\web\\ManageRegisteredServicesMultiActionController.java. Durch Manipulation des Arguments Query mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T20:31:06.556Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306321 | Apereo CAS ResponseEntity redos",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.306321"
},
{
"name": "VDB-306321 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306321"
},
{
"name": "Submit #557110 | Apereo CAS v5.2.6 ReDos regular expression engine denial of service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.557110"
},
{
"tags": [
"exploit"
],
"url": "https://wx.mail.qq.com/s?k=lzDuxVkSRXUZ0bwZEG"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-26T10:12:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "Apereo CAS ResponseEntity redos"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3985",
"datePublished": "2025-04-27T20:31:06.556Z",
"dateReserved": "2025-04-26T08:07:05.931Z",
"dateUpdated": "2025-04-28T18:09:01.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3984 (GCVE-0-2025-3984)
Vulnerability from nvd – Published: 2025-04-27 20:00 – Updated: 2025-04-28 18:09
VLAI
Title
Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection
Summary
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.306320 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.306320 | signaturepermissions-required |
| https://vuldb.com/?submit.557100 | third-party-advisory |
| https://wx.mail.qq.com/s?k=ilW4ixcMaVgGU49Dij | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T18:02:57.375986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T18:09:12.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Groovy Code Handler"
],
"product": "CAS",
"vendor": "Apereo",
"versions": [
{
"status": "affected",
"version": "5.2.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "caichaoxiong (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\\webapp-mgmt\\cas-management-webapp-support\\src\\main\\java\\org\\apereo\\cas\\mgmt\\services\\web\\RegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Apereo CAS 5.2.6 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion saveService der Datei cas-5.2.6\\webapp-mgmt\\cas-management-webapp-support\\src\\main\\java\\org\\apereo\\cas\\mgmt\\services\\web\\RegisteredServiceSimpleFormController.java der Komponente Groovy Code Handler. Durch die Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T20:00:08.108Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306320 | Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.306320"
},
{
"name": "VDB-306320 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306320"
},
{
"name": "Submit #557100 | Apereo CAS v5.2.6 Remote Arbitrary Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.557100"
},
{
"tags": [
"exploit"
],
"url": "https://wx.mail.qq.com/s?k=ilW4ixcMaVgGU49Dij"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-26T10:12:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3984",
"datePublished": "2025-04-27T20:00:08.108Z",
"dateReserved": "2025-04-26T08:06:59.509Z",
"dateUpdated": "2025-04-28T18:09:12.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52797 (GCVE-0-2024-52797)
Vulnerability from nvd – Published: 2024-11-21 01:30 – Updated: 2025-10-28 19:47
VLAI
Title
Searching Opencast may cause a denial of service
Summary
Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast's Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable search queries. From Opencast version 11.4 and newer, Elasticsearch queries are retried a configurable number of times in the case of error to handle temporary losses of connection to Elasticsearch. These invalid queries would fail, causing the retry mechanism to begin requerying with the same syntactically invalid query immediately, in an infinite loop. This causes a massive increase in log size which can in some cases cause a denial of service due to disk exhaustion.
Opencast 13.10 and Opencast 14.3 contain patches which address the base issue, with Opencast 16.7 containing changes which harmonize the search behaviour between the admin UI and external API. Users are strongly recommended to upgrade as soon as possible if running versions prior to 13.10 or 14.3. While the relevant endpoints require (by default) `ROLE_ADMIN` or `ROLE_API_SERIES_VIEW`, the problem queries are otherwise innocuous. This issue could be easily triggered by normal administrative work on an affected Opencast system. Those who run a version newer than 13.10 and 14.3 and see different results when searching in their admin UI vs your external API or LMS, may resolve the issue by upgrading to 16.7. No known workarounds for the vulnerability are available.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/opencast/opencast/security/adv… | x_refsource_CONFIRM |
| https://github.com/opencast/opencast/pull/5033 | x_refsource_MISC |
| https://github.com/opencast/opencast/pull/5150 | x_refsource_MISC |
| https://github.com/opencast/opencast/commit/3d5eb… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52797",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T15:19:09.686374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T15:19:24.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opencast",
"vendor": "opencast",
"versions": [
{
"status": "affected",
"version": "\u003e= 11.4, \u003c 13.10"
},
{
"status": "affected",
"version": "\u003e= 14.0, \u003c 14.3"
},
{
"status": "affected",
"version": "\u003e= 15.0, \u003c 16.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast\u0027s Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable search queries. From Opencast version 11.4 and newer, Elasticsearch queries are retried a configurable number of times in the case of error to handle temporary losses of connection to Elasticsearch. These invalid queries would fail, causing the retry mechanism to begin requerying with the same syntactically invalid query immediately, in an infinite loop. This causes a massive increase in log size which can in some cases cause a denial of service due to disk exhaustion.\n\nOpencast 13.10 and Opencast 14.3 contain patches which address the base issue, with Opencast 16.7 containing changes which harmonize the search behaviour between the admin UI and external API. Users are strongly recommended to upgrade as soon as possible if running versions prior to 13.10 or 14.3. While the relevant endpoints require (by default) `ROLE_ADMIN` or `ROLE_API_SERIES_VIEW`, the problem queries are otherwise innocuous. This issue could be easily triggered by normal administrative work on an affected Opencast system. Those who run a version newer than 13.10 and 14.3 and see different results when searching in their admin UI vs your external API or LMS, may resolve the issue by upgrading to 16.7. No known workarounds for the vulnerability are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T19:47:17.930Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opencast/opencast/security/advisories/GHSA-jh6x-7xfg-9cq2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opencast/opencast/security/advisories/GHSA-jh6x-7xfg-9cq2"
},
{
"name": "https://github.com/opencast/opencast/pull/5033",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/pull/5033"
},
{
"name": "https://github.com/opencast/opencast/pull/5150",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/pull/5150"
},
{
"name": "https://github.com/opencast/opencast/commit/3d5ebd163674eb18e070f52b64a18f92188f98c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/commit/3d5ebd163674eb18e070f52b64a18f92188f98c3"
}
],
"source": {
"advisory": "GHSA-jh6x-7xfg-9cq2",
"discovery": "UNKNOWN"
},
"title": "Searching Opencast may cause a denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52797",
"datePublished": "2024-11-21T01:30:07.811Z",
"dateReserved": "2024-11-15T17:11:13.439Z",
"dateUpdated": "2025-10-28T19:47:17.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11209 (GCVE-0-2024-11209)
Vulnerability from nvd – Published: 2024-11-14 13:31 – Updated: 2024-11-14 14:29
VLAI
Title
Apereo CAS 2FA login improper authentication
Summary
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.284523 | vdb-entry |
| https://vuldb.com/?ctiid.284523 | signaturepermissions-required |
| https://vuldb.com/?submit.437238 | third-party-advisory |
| https://gist.github.com/0xArthurSouza/281e8ea8a79… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apereo | CAS |
Affected:
6.6
|
|
| apereo | cas_server |
Affected:
6.6
cpe:2.3:a:apereo:cas_server:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apereo:cas_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cas_server",
"vendor": "apereo",
"versions": [
{
"status": "affected",
"version": "6.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11209",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T14:27:41.882291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T14:29:15.472Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"2FA"
],
"product": "CAS",
"vendor": "Apereo",
"versions": [
{
"status": "affected",
"version": "6.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Arthur Souza (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Apereo CAS 6.6 ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /login?service der Komponente 2FA. Durch Manipulieren mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T13:31:06.281Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-284523 | Apereo CAS 2FA login improper authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.284523"
},
{
"name": "VDB-284523 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.284523"
},
{
"name": "Submit #437238 | Apereo CAS 6.6 Authentication Bypass Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.437238"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/0xArthurSouza/281e8ea8a797abc8371a8ced31dc5562"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-14T07:58:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "Apereo CAS 2FA login improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11209",
"datePublished": "2024-11-14T13:31:06.281Z",
"dateReserved": "2024-11-14T06:53:18.271Z",
"dateUpdated": "2024-11-14T14:29:15.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11208 (GCVE-0-2024-11208)
Vulnerability from nvd – Published: 2024-11-14 13:31 – Updated: 2024-11-14 14:31
VLAI
Title
Apereo CAS login session expiration
Summary
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Session Expiration
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.284522 | vdb-entry |
| https://vuldb.com/?ctiid.284522 | signaturepermissions-required |
| https://vuldb.com/?submit.437211 | third-party-advisory |
| https://gist.github.com/0xArthurSouza/ce3b89887b0… | related |
| https://ibb.co/1LxSK2k | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apereo | CAS |
Affected:
6.6
|
|
| apereo | cas_server |
Affected:
6.6
cpe:2.3:a:apereo:cas_server:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apereo:cas_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cas_server",
"vendor": "apereo",
"versions": [
{
"status": "affected",
"version": "6.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11208",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T14:30:05.341086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T14:31:21.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CAS",
"vendor": "Apereo",
"versions": [
{
"status": "affected",
"version": "6.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Arthur Souza (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Apereo CAS 6.6 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /login?service. Durch das Manipulieren mit unbekannten Daten kann eine session expiration-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T13:31:04.929Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-284522 | Apereo CAS login session expiration",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.284522"
},
{
"name": "VDB-284522 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.284522"
},
{
"name": "Submit #437211 | Apereo CAS 6.6 Session Expiration",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.437211"
},
{
"tags": [
"related"
],
"url": "https://gist.github.com/0xArthurSouza/ce3b89887b03cc899d5e8cb6e472b04e"
},
{
"tags": [
"exploit"
],
"url": "https://ibb.co/1LxSK2k"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-14T07:58:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "Apereo CAS login session expiration"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11208",
"datePublished": "2024-11-14T13:31:04.929Z",
"dateReserved": "2024-11-14T06:53:14.390Z",
"dateUpdated": "2024-11-14T14:31:21.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-32985 (GCVE-0-2026-32985)
Vulnerability from cvelistv5 – Published: 2026-03-20 00:06 – Updated: 2026-03-20 17:37
VLAI
Title
Xerte Online Toolkits <= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution
Summary
Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary code by uploading a crafted ZIP archive containing malicious PHP payloads. Attackers can bypass authentication checks in the import.php file to upload a template archive with PHP code in the media directory, which gets extracted to a web-accessible path where the malicious PHP can be directly accessed and executed under the web server context.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://xot.xerte.org.uk/ | product |
| https://packetstorm.news/files/id/216288/ | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Xerte | Xerte Online Toolkits |
Affected:
0 , ≤ 3.14
(custom)
|
Date Public
2026-02-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32985",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T14:18:57.386429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T14:19:58.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Xerte Online Toolkits",
"vendor": "Xerte",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "indoushka"
}
],
"datePublic": "2026-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eXerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary code by uploading a crafted ZIP archive containing malicious PHP payloads. Attackers can bypass authentication checks in the import.php file to upload a template archive with PHP code in the media directory, which gets extracted to a web-accessible path where the malicious PHP can be directly accessed and executed under the web server context.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality that allows remote attackers to execute arbitrary code by uploading a crafted ZIP archive containing malicious PHP payloads. Attackers can bypass authentication checks in the import.php file to upload a template archive with PHP code in the media directory, which gets extracted to a web-accessible path where the malicious PHP can be directly accessed and executed under the web server context."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T17:37:59.034Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Xerte Online Toolkits - Vendor Homepage",
"tags": [
"product"
],
"url": "https://xot.xerte.org.uk/"
},
{
"name": "Packet Storm listing (Xerte Online Toolkits 3.14 Shell Upload)",
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/216288/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Xerte Online Toolkits \u003c= 3.14 Unauthenticated Template Import Arbitrary File Upload Leading to Remote Code Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-32985",
"datePublished": "2026-03-20T00:06:28.759Z",
"dateReserved": "2026-03-17T11:31:56.956Z",
"dateUpdated": "2026-03-20T17:37:59.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61906 (GCVE-0-2025-61906)
Vulnerability from cvelistv5 – Published: 2025-10-08 18:06 – Updated: 2025-10-08 18:24
VLAI
Title
Opencast's editor accidentally publishes videos/overwrites publications #1626
Summary
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for publishing, and thus possibly exposing internal media. This risk of this actually impacting someone is very low, though. This can only be triggered by users with write access to an event. They also have to use the editor, which is usually an action taken if they want to publish media and not something users would use on internal media they do not want to publish. Finally, they have to first click on "Save & Publish" before then selecting the "Save" option. Nevertheless, while very unlikely, this can happen. This issue is fixed in Opencast 17.8 and 18.2.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/opencast/opencast/security/adv… | x_refsource_CONFIRM |
| https://github.com/opencast/opencast-editor/issues/1626 | x_refsource_MISC |
| https://github.com/opencast/opencast-editor/commi… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61906",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T18:23:56.149714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T18:24:05.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opencast",
"vendor": "opencast",
"versions": [
{
"status": "affected",
"version": "\u003c 17.8"
},
{
"status": "affected",
"version": "\u003e= 18.0, \u003c 18.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast\u0027s editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for publishing, and thus possibly exposing internal media. This risk of this actually impacting someone is very low, though. This can only be triggered by users with write access to an event. They also have to use the editor, which is usually an action taken if they want to publish media and not something users would use on internal media they do not want to publish. Finally, they have to first click on \"Save \u0026 Publish\" before then selecting the \"Save\" option. Nevertheless, while very unlikely, this can happen. This issue is fixed in Opencast 17.8 and 18.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T18:06:58.178Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opencast/opencast/security/advisories/GHSA-x6vw-p693-jjhv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opencast/opencast/security/advisories/GHSA-x6vw-p693-jjhv"
},
{
"name": "https://github.com/opencast/opencast-editor/issues/1626",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast-editor/issues/1626"
},
{
"name": "https://github.com/opencast/opencast-editor/commit/98ba1934f08f623f1537a9675cc452d803766a91",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast-editor/commit/98ba1934f08f623f1537a9675cc452d803766a91"
}
],
"source": {
"advisory": "GHSA-x6vw-p693-jjhv",
"discovery": "UNKNOWN"
},
"title": "Opencast\u0027s editor accidentally publishes videos/overwrites publications #1626"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61906",
"datePublished": "2025-10-08T18:06:58.178Z",
"dateReserved": "2025-10-03T22:21:59.613Z",
"dateUpdated": "2025-10-08T18:24:05.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-61788 (GCVE-0-2025-61788)
Vulnerability from cvelistv5 – Published: 2025-10-08 18:03 – Updated: 2025-10-08 18:26
VLAI
Title
Opencast Paella Player 7 vulnerable to Cross-Site-Scripting
Summary
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs (metadata like title, description, etc.) unfiltered and unmodified. The vulnerability allows attackers to inject and malicious HTML and JavaScript in the player, which would then be executed in the browsers of users watching the prepared media. This can then be used to modify the site or to execute actions in the name of logged-in users. To inject malicious metadata, an attacker needs write access to the system. For example, the ability to upload media and modify metadata. This cannot be exploited by unauthenticated users. This issue is fixed in Opencast 17.8 and 18.2.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/opencast/opencast/security/adv… | x_refsource_CONFIRM |
| https://github.com/opencast/opencast/commit/28095… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T18:26:03.593427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T18:26:13.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opencast",
"vendor": "opencast",
"versions": [
{
"status": "affected",
"version": "\u003c 17.8"
},
{
"status": "affected",
"version": "\u003e= 18.0, \u003c 18.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs (metadata like title, description, etc.) unfiltered and unmodified. The vulnerability allows attackers to inject and malicious HTML and JavaScript in the player, which would then be executed in the browsers of users watching the prepared media. This can then be used to modify the site or to execute actions in the name of logged-in users. To inject malicious metadata, an attacker needs write access to the system. For example, the ability to upload media and modify metadata. This cannot be exploited by unauthenticated users. This issue is fixed in Opencast 17.8 and 18.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T18:03:22.518Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opencast/opencast/security/advisories/GHSA-m2vg-rmq6-p62r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opencast/opencast/security/advisories/GHSA-m2vg-rmq6-p62r"
},
{
"name": "https://github.com/opencast/opencast/commit/2809520fa88d108d8104c760f00c10bad42c14f9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/commit/2809520fa88d108d8104c760f00c10bad42c14f9"
}
],
"source": {
"advisory": "GHSA-m2vg-rmq6-p62r",
"discovery": "UNKNOWN"
},
"title": "Opencast Paella Player 7 vulnerable to Cross-Site-Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61788",
"datePublished": "2025-10-08T18:03:22.518Z",
"dateReserved": "2025-09-30T19:43:49.903Z",
"dateUpdated": "2025-10-08T18:26:13.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55202 (GCVE-0-2025-55202)
Vulnerability from cvelistv5 – Published: 2025-08-29 15:35 – Updated: 2025-08-29 16:00
VLAI
Title
Opencast has a partial path traversal vulnerability in UI config
Summary
Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the same path. This issue has been fixed in versions 17.7 and 18.1. To mitigate this issue, check for folders that start with the same path as the ui-config folder.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/opencast/opencast/security/adv… | x_refsource_CONFIRM |
| https://github.com/opencast/opencast/pull/6979 | x_refsource_MISC |
| https://github.com/opencast/opencast/commit/e2cc6… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T16:00:17.803985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T16:00:31.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opencast",
"vendor": "opencast",
"versions": [
{
"status": "affected",
"version": "\u003c 17.7"
},
{
"status": "affected",
"version": "= 18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the same path. This issue has been fixed in versions 17.7 and 18.1. To mitigate this issue, check for folders that start with the same path as the ui-config folder."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T15:35:35.338Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opencast/opencast/security/advisories/GHSA-hq8m-v68g-8cf8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opencast/opencast/security/advisories/GHSA-hq8m-v68g-8cf8"
},
{
"name": "https://github.com/opencast/opencast/pull/6979",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/pull/6979"
},
{
"name": "https://github.com/opencast/opencast/commit/e2cc65d6fbe052ebb71d9f6b583bb54b181af009",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/commit/e2cc65d6fbe052ebb71d9f6b583bb54b181af009"
}
],
"source": {
"advisory": "GHSA-hq8m-v68g-8cf8",
"discovery": "UNKNOWN"
},
"title": "Opencast has a partial path traversal vulnerability in UI config"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55202",
"datePublished": "2025-08-29T15:35:35.338Z",
"dateReserved": "2025-08-08T21:55:07.965Z",
"dateUpdated": "2025-08-29T16:00:31.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54380 (GCVE-0-2025-54380)
Vulnerability from cvelistv5 – Published: 2025-07-26 03:28 – Updated: 2025-07-28 19:00
VLAI
Title
Opencast still publishes global system account credentials
Summary
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly send the hashed global system account credentials (ie: org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass) when attempting to fetch mediapackage elements included in a mediapackage XML file. A previous CVE prevented many cases where the credentials were inappropriately sent, but not all. Anyone with ingest permissions could cause Opencast to send its hashed global system account credentials to a url of their choosing. This issue is fixed in Opencast 17.6.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/opencast/opencast/security/adv… | x_refsource_CONFIRM |
| https://github.com/opencast/opencast/security/adv… | x_refsource_MISC |
| https://github.com/opencast/opencast/commit/e8980… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T18:59:53.905632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T19:00:02.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opencast",
"vendor": "opencast",
"versions": [
{
"status": "affected",
"version": "\u003c 17.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly send the hashed global system account credentials (ie: org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass) when attempting to fetch mediapackage elements included in a mediapackage XML file. A previous CVE prevented many cases where the credentials were inappropriately sent, but not all. Anyone with ingest permissions could cause Opencast to send its hashed global system account credentials to a url of their choosing. This issue is fixed in Opencast 17.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-26T03:28:25.194Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opencast/opencast/security/advisories/GHSA-j63h-hmgw-x4j7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opencast/opencast/security/advisories/GHSA-j63h-hmgw-x4j7"
},
{
"name": "https://github.com/opencast/opencast/security/advisories/GHSA-hcxx-mp6g-6gr9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/security/advisories/GHSA-hcxx-mp6g-6gr9"
},
{
"name": "https://github.com/opencast/opencast/commit/e8980435342149375802648b9c9e696c9a5f0c9a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/commit/e8980435342149375802648b9c9e696c9a5f0c9a"
}
],
"source": {
"advisory": "GHSA-j63h-hmgw-x4j7",
"discovery": "UNKNOWN"
},
"title": "Opencast still publishes global system account credentials"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54380",
"datePublished": "2025-07-26T03:28:25.194Z",
"dateReserved": "2025-07-21T16:12:20.733Z",
"dateUpdated": "2025-07-28T19:00:02.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3986 (GCVE-0-2025-3986)
Vulnerability from cvelistv5 – Published: 2025-04-27 21:00 – Updated: 2025-04-28 17:38
VLAI
Title
Apereo CAS CasConfigurationMetadataServerController.java redos
Summary
A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The manipulation of the argument Name leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.306322 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.306322 | signaturepermissions-required |
| https://vuldb.com/?submit.557473 | third-party-advisory |
| https://wx.mail.qq.com/s?k=rk-m8GwRMVMcOjBY1a | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T17:34:50.472484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T17:38:45.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CAS",
"vendor": "Apereo",
"versions": [
{
"status": "affected",
"version": "5.2.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "caichaoxiong (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\\core\\cas-server-core-configuration-metadata-repository\\src\\main\\java\\org\\apereo\\cas\\metadata\\rest\\CasConfigurationMetadataServerController.java. The manipulation of the argument Name leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Apereo CAS 5.2.6 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei cas-5.2.6\\core\\cas-server-core-configuration-metadata-repository\\src\\main\\java\\org\\apereo\\cas\\metadata\\rest\\CasConfigurationMetadataServerController.java. Mittels dem Manipulieren des Arguments Name mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T21:00:07.694Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306322 | Apereo CAS CasConfigurationMetadataServerController.java redos",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.306322"
},
{
"name": "VDB-306322 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306322"
},
{
"name": "Submit #557473 | Apereo CAS v5.2.6 ReDos Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.557473"
},
{
"tags": [
"exploit"
],
"url": "https://wx.mail.qq.com/s?k=rk-m8GwRMVMcOjBY1a"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-26T10:12:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "Apereo CAS CasConfigurationMetadataServerController.java redos"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3986",
"datePublished": "2025-04-27T21:00:07.694Z",
"dateReserved": "2025-04-26T08:07:08.619Z",
"dateUpdated": "2025-04-28T17:38:45.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3985 (GCVE-0-2025-3985)
Vulnerability from cvelistv5 – Published: 2025-04-27 20:31 – Updated: 2025-04-28 18:09
VLAI
Title
Apereo CAS ResponseEntity redos
Summary
A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The manipulation of the argument Query leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.306321 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.306321 | signaturepermissions-required |
| https://vuldb.com/?submit.557110 | third-party-advisory |
| https://wx.mail.qq.com/s?k=lzDuxVkSRXUZ0bwZEG | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3985",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T18:02:23.445535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T18:09:01.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CAS",
"vendor": "Apereo",
"versions": [
{
"status": "affected",
"version": "5.2.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "caichaoxiong (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\\webapp-mgmt\\cas-management-webapp-support\\src\\main\\java\\org\\apereo\\cas\\mgmt\\services\\web\\ManageRegisteredServicesMultiActionController.java. The manipulation of the argument Query leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Apereo CAS 5.2.6 ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion ResponseEntity der Datei cas-5.2.6\\webapp-mgmt\\cas-management-webapp-support\\src\\main\\java\\org\\apereo\\cas\\mgmt\\services\\web\\ManageRegisteredServicesMultiActionController.java. Durch Manipulation des Arguments Query mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T20:31:06.556Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306321 | Apereo CAS ResponseEntity redos",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.306321"
},
{
"name": "VDB-306321 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306321"
},
{
"name": "Submit #557110 | Apereo CAS v5.2.6 ReDos regular expression engine denial of service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.557110"
},
{
"tags": [
"exploit"
],
"url": "https://wx.mail.qq.com/s?k=lzDuxVkSRXUZ0bwZEG"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-26T10:12:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "Apereo CAS ResponseEntity redos"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3985",
"datePublished": "2025-04-27T20:31:06.556Z",
"dateReserved": "2025-04-26T08:07:05.931Z",
"dateUpdated": "2025-04-28T18:09:01.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3984 (GCVE-0-2025-3984)
Vulnerability from cvelistv5 – Published: 2025-04-27 20:00 – Updated: 2025-04-28 18:09
VLAI
Title
Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection
Summary
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.306320 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.306320 | signaturepermissions-required |
| https://vuldb.com/?submit.557100 | third-party-advisory |
| https://wx.mail.qq.com/s?k=ilW4ixcMaVgGU49Dij | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T18:02:57.375986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T18:09:12.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Groovy Code Handler"
],
"product": "CAS",
"vendor": "Apereo",
"versions": [
{
"status": "affected",
"version": "5.2.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "caichaoxiong (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\\webapp-mgmt\\cas-management-webapp-support\\src\\main\\java\\org\\apereo\\cas\\mgmt\\services\\web\\RegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Apereo CAS 5.2.6 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion saveService der Datei cas-5.2.6\\webapp-mgmt\\cas-management-webapp-support\\src\\main\\java\\org\\apereo\\cas\\mgmt\\services\\web\\RegisteredServiceSimpleFormController.java der Komponente Groovy Code Handler. Durch die Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T20:00:08.108Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-306320 | Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.306320"
},
{
"name": "VDB-306320 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.306320"
},
{
"name": "Submit #557100 | Apereo CAS v5.2.6 Remote Arbitrary Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.557100"
},
{
"tags": [
"exploit"
],
"url": "https://wx.mail.qq.com/s?k=ilW4ixcMaVgGU49Dij"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-26T10:12:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3984",
"datePublished": "2025-04-27T20:00:08.108Z",
"dateReserved": "2025-04-26T08:06:59.509Z",
"dateUpdated": "2025-04-28T18:09:12.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52797 (GCVE-0-2024-52797)
Vulnerability from cvelistv5 – Published: 2024-11-21 01:30 – Updated: 2025-10-28 19:47
VLAI
Title
Searching Opencast may cause a denial of service
Summary
Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast's Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable search queries. From Opencast version 11.4 and newer, Elasticsearch queries are retried a configurable number of times in the case of error to handle temporary losses of connection to Elasticsearch. These invalid queries would fail, causing the retry mechanism to begin requerying with the same syntactically invalid query immediately, in an infinite loop. This causes a massive increase in log size which can in some cases cause a denial of service due to disk exhaustion.
Opencast 13.10 and Opencast 14.3 contain patches which address the base issue, with Opencast 16.7 containing changes which harmonize the search behaviour between the admin UI and external API. Users are strongly recommended to upgrade as soon as possible if running versions prior to 13.10 or 14.3. While the relevant endpoints require (by default) `ROLE_ADMIN` or `ROLE_API_SERIES_VIEW`, the problem queries are otherwise innocuous. This issue could be easily triggered by normal administrative work on an affected Opencast system. Those who run a version newer than 13.10 and 14.3 and see different results when searching in their admin UI vs your external API or LMS, may resolve the issue by upgrading to 16.7. No known workarounds for the vulnerability are available.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/opencast/opencast/security/adv… | x_refsource_CONFIRM |
| https://github.com/opencast/opencast/pull/5033 | x_refsource_MISC |
| https://github.com/opencast/opencast/pull/5150 | x_refsource_MISC |
| https://github.com/opencast/opencast/commit/3d5eb… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52797",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T15:19:09.686374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T15:19:24.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opencast",
"vendor": "opencast",
"versions": [
{
"status": "affected",
"version": "\u003e= 11.4, \u003c 13.10"
},
{
"status": "affected",
"version": "\u003e= 14.0, \u003c 14.3"
},
{
"status": "affected",
"version": "\u003e= 15.0, \u003c 16.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast\u0027s Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable search queries. From Opencast version 11.4 and newer, Elasticsearch queries are retried a configurable number of times in the case of error to handle temporary losses of connection to Elasticsearch. These invalid queries would fail, causing the retry mechanism to begin requerying with the same syntactically invalid query immediately, in an infinite loop. This causes a massive increase in log size which can in some cases cause a denial of service due to disk exhaustion.\n\nOpencast 13.10 and Opencast 14.3 contain patches which address the base issue, with Opencast 16.7 containing changes which harmonize the search behaviour between the admin UI and external API. Users are strongly recommended to upgrade as soon as possible if running versions prior to 13.10 or 14.3. While the relevant endpoints require (by default) `ROLE_ADMIN` or `ROLE_API_SERIES_VIEW`, the problem queries are otherwise innocuous. This issue could be easily triggered by normal administrative work on an affected Opencast system. Those who run a version newer than 13.10 and 14.3 and see different results when searching in their admin UI vs your external API or LMS, may resolve the issue by upgrading to 16.7. No known workarounds for the vulnerability are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T19:47:17.930Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opencast/opencast/security/advisories/GHSA-jh6x-7xfg-9cq2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opencast/opencast/security/advisories/GHSA-jh6x-7xfg-9cq2"
},
{
"name": "https://github.com/opencast/opencast/pull/5033",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/pull/5033"
},
{
"name": "https://github.com/opencast/opencast/pull/5150",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/pull/5150"
},
{
"name": "https://github.com/opencast/opencast/commit/3d5ebd163674eb18e070f52b64a18f92188f98c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencast/opencast/commit/3d5ebd163674eb18e070f52b64a18f92188f98c3"
}
],
"source": {
"advisory": "GHSA-jh6x-7xfg-9cq2",
"discovery": "UNKNOWN"
},
"title": "Searching Opencast may cause a denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52797",
"datePublished": "2024-11-21T01:30:07.811Z",
"dateReserved": "2024-11-15T17:11:13.439Z",
"dateUpdated": "2025-10-28T19:47:17.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11209 (GCVE-0-2024-11209)
Vulnerability from cvelistv5 – Published: 2024-11-14 13:31 – Updated: 2024-11-14 14:29
VLAI
Title
Apereo CAS 2FA login improper authentication
Summary
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.284523 | vdb-entry |
| https://vuldb.com/?ctiid.284523 | signaturepermissions-required |
| https://vuldb.com/?submit.437238 | third-party-advisory |
| https://gist.github.com/0xArthurSouza/281e8ea8a79… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apereo | CAS |
Affected:
6.6
|
|
| apereo | cas_server |
Affected:
6.6
cpe:2.3:a:apereo:cas_server:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apereo:cas_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cas_server",
"vendor": "apereo",
"versions": [
{
"status": "affected",
"version": "6.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11209",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T14:27:41.882291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T14:29:15.472Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"2FA"
],
"product": "CAS",
"vendor": "Apereo",
"versions": [
{
"status": "affected",
"version": "6.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Arthur Souza (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Apereo CAS 6.6 ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /login?service der Komponente 2FA. Durch Manipulieren mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T13:31:06.281Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-284523 | Apereo CAS 2FA login improper authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.284523"
},
{
"name": "VDB-284523 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.284523"
},
{
"name": "Submit #437238 | Apereo CAS 6.6 Authentication Bypass Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.437238"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/0xArthurSouza/281e8ea8a797abc8371a8ced31dc5562"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-14T07:58:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "Apereo CAS 2FA login improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11209",
"datePublished": "2024-11-14T13:31:06.281Z",
"dateReserved": "2024-11-14T06:53:18.271Z",
"dateUpdated": "2024-11-14T14:29:15.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11208 (GCVE-0-2024-11208)
Vulnerability from cvelistv5 – Published: 2024-11-14 13:31 – Updated: 2024-11-14 14:31
VLAI
Title
Apereo CAS login session expiration
Summary
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Session Expiration
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.284522 | vdb-entry |
| https://vuldb.com/?ctiid.284522 | signaturepermissions-required |
| https://vuldb.com/?submit.437211 | third-party-advisory |
| https://gist.github.com/0xArthurSouza/ce3b89887b0… | related |
| https://ibb.co/1LxSK2k | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apereo | CAS |
Affected:
6.6
|
|
| apereo | cas_server |
Affected:
6.6
cpe:2.3:a:apereo:cas_server:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apereo:cas_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cas_server",
"vendor": "apereo",
"versions": [
{
"status": "affected",
"version": "6.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11208",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T14:30:05.341086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T14:31:21.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CAS",
"vendor": "Apereo",
"versions": [
{
"status": "affected",
"version": "6.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Arthur Souza (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Apereo CAS 6.6 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /login?service. Durch das Manipulieren mit unbekannten Daten kann eine session expiration-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T13:31:04.929Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-284522 | Apereo CAS login session expiration",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.284522"
},
{
"name": "VDB-284522 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.284522"
},
{
"name": "Submit #437211 | Apereo CAS 6.6 Session Expiration",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.437211"
},
{
"tags": [
"related"
],
"url": "https://gist.github.com/0xArthurSouza/ce3b89887b03cc899d5e8cb6e472b04e"
},
{
"tags": [
"exploit"
],
"url": "https://ibb.co/1LxSK2k"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-14T07:58:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "Apereo CAS login session expiration"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11208",
"datePublished": "2024-11-14T13:31:04.929Z",
"dateReserved": "2024-11-14T06:53:14.390Z",
"dateUpdated": "2024-11-14T14:31:21.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11207 (GCVE-0-2024-11207)
Vulnerability from cvelistv5 – Published: 2024-11-14 12:31 – Updated: 2024-11-14 19:32
VLAI
Title
Apereo CAS login redirect
Summary
A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-601 - Open Redirect
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.284521 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.284521 | signaturepermissions-required |
| https://vuldb.com/?submit.437207 | third-party-advisory |
| https://gist.github.com/0xArthurSouza/68295d8fa20… | exploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apereo:cas:6.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cas",
"vendor": "apereo",
"versions": [
{
"status": "affected",
"version": "6.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11207",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T18:46:20.660109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:32:28.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CAS",
"vendor": "Apereo",
"versions": [
{
"status": "affected",
"version": "6.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Arthur Souza (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Apereo CAS 6.6 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /login. Mittels Manipulieren des Arguments redirect_uri mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "Open Redirect",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T12:31:04.225Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-284521 | Apereo CAS login redirect",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.284521"
},
{
"name": "VDB-284521 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.284521"
},
{
"name": "Submit #437207 | Apereo CAS 6.6 Open Redirect",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.437207"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/0xArthurSouza/68295d8fa20f18161945260fcdf842a2"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-14T07:58:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "Apereo CAS login redirect"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11207",
"datePublished": "2024-11-14T12:31:04.225Z",
"dateReserved": "2024-11-14T06:53:11.652Z",
"dateUpdated": "2024-11-14T19:32:28.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}