CVE-2017-1000221 – org.opencastproject:opencast-kernel

Package

Manager: maven
Name: org.opencastproject:opencast-kernel
Vulnerable Version: >=0 <2.2.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00215 pctl0.44049

Details

Opencast has Incorrect Permission Assignment In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.

Metadata

Created: 2022-05-13T01:40:59Z
Modified: 2022-11-08T21:57:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hx44-c87v-p6xg/GHSA-hx44-c87v-p6xg.json
CWE IDs: ["CWE-732"]
Alternative ID: GHSA-hx44-c87v-p6xg
Finding: F039
Auto approve: 1