Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oeDQ0LWM4N3YtcDZ4Z84AAR2S
Opencast has Incorrect Permission Assignment
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.
Permalink: https://github.com/advisories/GHSA-hx44-c87v-p6xgJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oeDQ0LWM4N3YtcDZ4Z84AAR2S
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-hx44-c87v-p6xg, CVE-2017-1000221
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000221
- https://opencast.jira.com/browse/MH-11862
- https://github.com/opencast/opencast/commit/f1abcaf998a469a2081461e0e3b4211927849439
- https://github.com/advisories/GHSA-hx44-c87v-p6xg
Blast Radius: 10.0
Affected Packages
maven:org.opencastproject:opencast-kernel
Dependent packages: 19Dependent repositories: 34
Downloads:
Affected Version Ranges: < 2.2.4
Fixed in: 2.2.4
All affected versions:
All unaffected versions: