CVE-2017-1000221
CVE-2017-1000221 is a vulnerability of currently unknown severity. EPSS estimates a 0.76% chance of exploitation in the next 30 days.
Description
In Opencast 2.2.3 and older, if user names overlap, the Opencast search service used for publication to the media modules and players handles access control incorrectly, so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apereo | Opencast | <= 2.2.3 |
References
- https://opencast.jira.com/browse/MH-11862 (Exploit, Issue Tracking, Vendor Advisory)
Source: NVD / NIST
