The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/gluxon/CVE-2018-13257 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-18T15:32:42
Updated: 2024-08-05T09:00:34.044Z
Reserved: 2018-07-05T00:00:00
Link: CVE-2018-13257
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-11-18T16:15:11.447
Modified: 2019-11-25T21:10:13.603
Link: CVE-2018-13257
Redhat
No data.