{"id":"CVE-2017-14143","details":"The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.","modified":"2026-04-02T00:08:14.639137Z","published":"2017-09-19T15:29:01.053Z","references":[{"type":"WEB","url":"https://www.exploit-db.com/exploits/43876/"},{"type":"WEB","url":"https://www.exploit-db.com/exploits/43028/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100976"},{"type":"ADVISORY","url":"https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682"},{"type":"EVIDENCE","url":"https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kaltura/server","events":[{"introduced":"0"},{"last_affected":"93c941108821069294abae9bcc971ae5a809f941"},{"fixed":"6a6d14328b7a1493e8c47f9565461e5f88be20c9"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"mercury-13.1.0"}]}}],"versions":["IX-9.0.0-rel","IX-9.11.0-rel","IX-9.12.0-rel","IX-9.13.0-rel","IX-9.14.0-rel","IX-9.15.0-rel","IX-9.16.0-rel","IX-9.17.0-rel","IX-9.18.0-rel","IX-9.19.0-part2-rel","IX-9.19.0-rel","IX-9.19.1-rel","IX-9.19.2-rel","IX-9.19.3-rel","IX-9.19.4-rel","IX-9.19.5-rel","IX-9.19.6-rel","IX-9.19.7-rel","IX-9.19.8-rel","IX-9.3.0-rel","IX-9.5.0-rel","IX-9.6.0-rel","IX-9.8.0-rel","IX-9.9.0-rel","Jupiter-10.0.0-rel","Jupiter-10.1.0-rel","Jupiter-10.10.0-rel","Jupiter-10.11.0-rel","Jupiter-10.12.0-rel","Jupiter-10.13.0-rel","Jupiter-10.14.0-rel","Jupiter-10.15.0-rel","Jupiter-10.16.0-rel","Jupiter-10.17.0-rel","Jupiter-10.18.0-rel","Jupiter-10.19.0-rel","Jupiter-10.2.0-rel","Jupiter-10.20.0-rel","Jupiter-10.21.0-rel","Jupiter-10.3.0-rel","Jupiter-10.4.0-rel","Jupiter-10.5.0-rel","Jupiter-10.6.0-rel","Jupiter-10.7.0-rel","Jupiter-10.8.0-rel","Jupiter-10.9.0-rel","Kajam-11.0.0-rel","Kajam-11.10.0-rel","Kajam-11.11.0-rel","Kajam-11.12.0-rel","Kajam-11.13.0-rel","Kajam-11.14.0-rel","Kajam-11.15.0-rel","Kajam-11.16.0-rel","Kajam-11.17.0-rel","Kajam-11.18.0-rel","Kajam-11.19.0-rel","Kajam-11.2.0-rel","Kajam-11.20.0-rel","Kajam-11.21.0-rel","Kajam-11.3.0-rel","Kajam-11.4.0-rel","Kajam-11.5.0-rel","Kajam-11.6.0-rel","Kajam-11.7.0-rel","Kajam-11.8.0-rel","Kajam-11.9.0-rel","Lynx-12.0.0-rel","Lynx-12.1.0-rel","Lynx-12.10.0-rel","Lynx-12.11.0-rel","Lynx-12.12.0-rel","Lynx-12.13.0-rel","Lynx-12.14.0-rel","Lynx-12.15.0-rel","Lynx-12.16.0-rel","Lynx-12.17.0-rel","Lynx-12.18.0-rel","Lynx-12.19.0-rel","Lynx-12.2.0-rel","Lynx-12.20.0-rel","Lynx-12.3.0-rel","Lynx-12.4.0-rel","Lynx-12.5.0-rel","Lynx-12.6.0-rel","Lynx-12.7.0-rel","Lynx-12.8.0-rel","Lynx-12.9.0-rel","Mercury-13.0.0-rel","Mercury-13.1.0-rel","kajam-11.1.0-rel"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14143.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}