VYPR
Critical severity9.8OSV Advisory· Published Sep 19, 2017· Updated Jun 17, 2026

CVE-2017-14143

CVE-2017-14143

Description

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Kaltura/ServerOSV2 versions
    IX-9.0.0-rel, IX-9.11.0-rel, IX-9.12.0-rel, …+ 1 more
    • (no CPE)range: IX-9.0.0-rel, IX-9.11.0-rel, IX-9.12.0-rel, …
    • cpe:2.3:a:kaltura:kaltura_server:*:*:*:*:*:*:*:*range: <=mercury-13.1.0
  • Kaltura/Kalturallm-fuzzy
    Range: <13.2.0

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.