Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Disabled Hostname Verification in OpenCast
Vulnerability Description
Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. This problem is fixed in Opencast 7.9 and Opencast 8.8 Please be aware that fixing the problem means that Opencast will not simply accept any self-signed certificates any longer without properly importing them. If you need those, please make sure to import them into the Java key store. Better yet, get a valid certificate.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
源验证错误
Vulnerability Title
Opencast 访问控制错误漏洞
Vulnerability Description
Opencast是Opencast组织的一款用于大规模自动视频捕获,管理和分发的直播视频支撑软件。 Opencast 8.9和7.9之前版本存在安全漏洞,该漏洞源于Opencast禁用HTTPS主机名验证,它的HTTP客户端用于Opencast的大部分HTTP请求。主机名验证是使用HTTPS确保提供的证书对主机有效的一个重要部分。禁用它会导致中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A