The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page.
2019-11-18T16:15:11.447
2024-11-21T03:46:44.220
Modified
CVSSv3.1: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:N
8.6
4.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | blackboard | blackboard_learn | 2018-07-02 | Yes |