Kaltura Community Edition 11.1.0-2 Code Execution / File Upload / File Read
Posted by deepcore on March 16, 2016 – 6:06 am
The Kaltura platform contains a number of vulnerabilities that allow unauthenticated users to execute code, read files, and access services listening on the localhost interface. Vulnerabilities present in the application also allow authenticated users to execute code by uploading a file, and to perform stored cross-site scripting attacks from the Kaltura Management Console into the admin console. Weak cryptographic secret generation allows unauthenticated users to brute-force password reset tokens for accounts, and allows low-level users to perform privilege escalation attacks.