
URL Redirection to Untrusted Site ('Open Redirect')

CVE-2022-41965

Severity Medium
Score 6.1/10

Summary

Opencast is a free, open-source platform for managing educational audio and video content. In Opencast versions through 12.4, the Paella authentication page accepted a caller-controlled redirect target and could send an authenticated user on to an arbitrary URL. An attacker can therefore redirect users to sites outside the Opencast installation from a link that starts on the trusted Opencast host, which facilitates phishing and related attacks.

  • LOW
  • NETWORK
  • LOW
  • CHANGED
  • REQUIRED
  • NONE
  • LOW
  • NONE

CWE-601 - Open Redirect

An open redirect attack uses a URL parameter, an HTML meta refresh tag, or a DOM-based location change to turn the trust users place in a vulnerable domain against them: the link begins on the trusted host, but the browser ends up on a site the attacker chose. On its own this enables convincing phishing; chained with other weaknesses it can lead to higher-severity issues such as authorization bypass, account takeover (for example, when an OAuth or SSO callback forwards tokens to the redirect target), and XSS (when a javascript: URL is accepted as the redirect target).
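The following is an added example, not Opencast or Paella code, showing the redirect pattern described above in its vulnerable and hardened forms. It assumes a hypothetical Opencast host `https://opencast.example` and a constructed list of redirect parameters covering the shapes an attacker typically tries (protocol-relative, backslash, userinfo, look-alike subdomain, `javascript:` scheme, scheme downgrade). The hardened check resolves the candidate against the application's own origin with the WHATWG URL parser and only returns a same-origin path, so the browser can never be sent off-site.

```javascript
// Added example (not Opencast/Paella project code).
// Works in browsers and in Node (URL is a global in both).

// Hypothetical Opencast origin used throughout this example.
const OWN_ORIGIN = 'https://opencast.example';

// Vulnerable pattern: whatever arrives in ?redirect= becomes the navigation
// target. In a real page this would be: location.href = params.get('redirect')
function unsafeRedirectTarget(candidate) {
  return candidate; // "https://evil.example/login" passes straight through
}

// Hardened pattern: parse the candidate relative to our own origin and accept
// it only if the resolved URL stays on that exact origin (scheme + host + port).
// Returning a relative path rather than an absolute URL is a second safeguard:
// the browser re-attaches OWN_ORIGIN when navigating.
function safeRedirectTarget(candidate, ownOrigin = OWN_ORIGIN, fallback = '/') {
  if (typeof candidate !== 'string' || candidate.length === 0) return fallback;

  let target;
  try {
    // Relative inputs ("/watch?id=1") resolve against ownOrigin; absolute
    // inputs ("https://evil.example", "javascript:...") keep their own origin.
    target = new URL(candidate, ownOrigin);
  } catch {
    return fallback; // unparseable input: never redirect on it
  }

  // "javascript:" URLs have origin "null"; "//evil.example" and "/\evil.example"
  // resolve to a foreign host; "http://opencast.example" differs in scheme.
  if (target.origin !== new URL(ownOrigin).origin) return fallback;

  return target.pathname + target.search + target.hash;
}

// Constructed sample redirect parameters (not captured from any real system).
const SAMPLE_TARGETS = [
  '/paella/ui/watch.html?id=abc',           // legitimate: same-origin path
  'https://opencast.example/admin-ng/',      // legitimate: absolute, same origin
  'https://evil.example/login',              // off-site absolute URL
  '//evil.example/login',                    // protocol-relative URL
  '/\\evil.example/login',                   // backslash; parser treats \ as / for https
  'https://opencast.example@evil.example/',  // userinfo trick: host is evil.example
  'https://opencast.example.evil.example/',  // look-alike subdomain of attacker domain
  'javascript:alert(document.domain)',       // scheme abuse, origin is "null"
  'http://opencast.example/',                // same host, downgraded scheme
];

// Returns [candidate, unsafeResult, safeResult] for each sample, so the
// difference between the two handlers is visible side by side.
function evaluateTargets() {
  return SAMPLE_TARGETS.map((t) => [t, unsafeRedirectTarget(t), safeRedirectTarget(t)]);
}

// Convenience predicate: does the hardened check let this candidate through
// as anything other than the fallback?
function isAcceptedRedirect(candidate) {
  return safeRedirectTarget(candidate) !== '/';
}

for (const [candidate, unsafe, safe] of evaluateTargets()) {
  console.log(JSON.stringify(candidate), '-> unsafe:', unsafe, '| safe:', safe);
}
```

Note that the origin comparison, not an allow-list of path prefixes or a string check for a leading slash, is what defeats the backslash and protocol-relative variants: both are turned into foreign hosts by the same parser the browser itself uses, so the decision matches what would actually happen on navigation.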

Advisory Timeline

  • Published