CVE-2018-13257

Name of the Vulnerable Software and Affected Versions Blackboard Learn version 2018-07-02

Description The issue concerns HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation in the bb-auth-provider-cas authentication module. This allows for a phishing attack from the CAS server login page.

Recommendations For Blackboard Learn version 2018-07-02, consider restricting access to the bb-auth-provider-cas authentication module until a fix is available. As a temporary workaround, restrict the use of the CAS service ticket validation to minimize the risk of exploitation.