CVE-2017-14143

Name of the Vulnerable Software and Affected Versions Kaltura versions prior to 13.2.0

Description The issue concerns the getUserzoneCookie function, which uses a hardcoded cookie secret to validate cookie signatures. This allows remote attackers to bypass an intended protection mechanism, conduct PHP object injection attacks, and execute arbitrary PHP code via a crafted userzone cookie.

Recommendations For versions prior to 13.2.0, update to version 13.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the getUserzoneCookie function until a patch is available.