{"id":"CVE-2018-16153","details":"An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations.","aliases":["GHSA-hcxx-mp6g-6gr9"],"modified":"2026-03-15T14:02:42.910753Z","published":"2023-12-12T17:15:07.517Z","related":["GHSA-hcxx-mp6g-6gr9"],"references":[{"type":"ADVISORY","url":"https://docs.opencast.org/r/10.x/admin/#changelog"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-hcxx-mp6g-6gr9"},{"type":"ADVISORY","url":"https://www.apereo.org/projects/opencast/news"},{"type":"FIX","url":"https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opencast/opencast","events":[{"introduced":"77e712ad3fbdc390edeeccfb170b02d28247723e"},{"fixed":"5178b6bdabd5e63d727bbf10fca8dc0dfbdebb35"},{"fixed":"776d5588f39c61eb04c03bb955416c4f77629d51"}],"database_specific":{"versions":[{"introduced":"4.0"},{"fixed":"10.6"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16153.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}