Access Control Misconfiguration in Opencast for Media Publishing
CVE-2017-1000221

6.5 MEDIUM

Key Information:

Vendor: Apereo

Status
Vendor
CVE Published: 17 November 2017

What is CVE-2017-1000221?

In specific versions of Opencast, an access control misconfiguration occurs due to overlapping usernames. This flaw allows users to gain access to recordings they should not have permission to view. For example, a user assigned the role ROLE_USER can access content restricted to users with a role like ROLE_USER_X, bypassing intended access controls.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published
