CVE-2017-14143

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
Configurations

Configuration 1 (hide)

cpe:2.3:a:kaltura:kaltura_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-09-19 15:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-14143

Mitre link : CVE-2017-14143

CVE.ORG link : CVE-2017-14143


JSON object : View

Products Affected

kaltura

  • kaltura_server
CWE
CWE-798

Use of Hard-coded Credentials