CVE-2022-41965 MEDIUM

CVE-2022-41965: Opencast Authenticated OpenRedirect Vulnerability

Vendor Opencast
Product opencast
Weakness CWE-601 · Open redirect
Published November 28, 2022
Last update April 23, 2025

CVSS base score

5.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect authenticated users to an arbitrary URL. The vulnerability allows attackers to redirect users to sites outside of their Opencast installation, potentially facilitating phishing attacks or other security issues. This issue is fixed in Opencast 12.5 and newer.

Key dates

02 Disclosure timeline

November 28, 2022 CVE published
April 23, 2025 Record updated