Access Control Misconfiguration in Opencast for Media Publishing
CVE-2017-1000221
6.5 MEDIUM
What is CVE-2017-1000221?
In specific versions of Opencast, an access control misconfiguration occurs due to overlapping usernames. This flaw allows users to gain access to recordings they should not have permission to view. For example, a user assigned the role ROLE_USER can access content restricted to users with a role like ROLE_USER_X, bypassing intended access controls.
