Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apereo opencast vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-5231
In Opencast prior to 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code (ex...
Apereo Opencast
Apereo Opencast 8.0
10
CVSSv3
CVE-2020-5206
In Opencast prior to 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attack...
Apereo Opencast
Apereo Opencast 8.0
7.5
CVSSv3
CVE-2020-5228
Opencast prior to 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly han...
Apereo Opencast
Apereo Opencast 8.0
7.5
CVSSv3
CVE-2020-5230
Opencast prior to 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape...
Apereo Opencast
Apereo Opencast 8.0
8.8
CVSSv3
CVE-2020-5222
Opencast prior to 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using th...
Apereo Opencast
Apereo Opencast 8.0
5.4
CVSSv3
CVE-2022-29237
Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current ...
Apereo Opencast
4.8
CVSSv3
CVE-2020-26234
Opencast prior to 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling i...
Apereo Opencast
8.1
CVSSv3
CVE-2020-5229
Opencast prior to 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is pro...
Apereo Opencast
1 Github repository
6.1
CVSSv3
CVE-2022-41965
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows malicious ...
Apereo Opencast
6.5
CVSSv3
CVE-2021-32623
Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast before 9.6 are vulnerable to the billion laughs attack, which allows an malicious user to easily execute a (seemingly permanent) denial of service attack, essentially ta...
Apereo Opencast
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »