CVE-2022-29237

Name: CVE-2022-29237
Creator: NVD / NIST
Published: 2022-05-24T15:15:08.037+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.4/10EPSS 0.54%

Last modified Jun 17, 2026

CVE-2022-29237 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassing organizational barriers. EPSS estimates a 0.54% chance of exploitation in the next 30 days.

Description

Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassing organizational barriers. Attackers must have full access to Opencast's ingest REST interface, and also know internal links to resources in another organization of the same Opencast cluster. Users who do not run a multi-tenant cluster are not affected by this issue. This issue is fixed in Opencast 10.14 and 11.7.

Metrics

CVSS 3.1

5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS Probability

0.54%

41.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-287

Affected Software

Vendor	Product	Versions
Apereo	Opencast	< 10.14
Apereo	Opencast	>= 11.0, < 11.7

References

https://github.com/opencast/opencast/commit/8d5ec1614eed109b812bc27b0c6d3214e456d4e7Patch, Third Party Advisory
https://github.com/opencast/opencast/security/advisories/GHSA-qm6v-cg9v-53j3Patch, Third Party Advisory
https://github.com/opencast/opencast/commit/8d5ec1614eed109b812bc27b0c6d3214e456d4e7Patch, Third Party Advisory
https://github.com/opencast/opencast/security/advisories/GHSA-qm6v-cg9v-53j3Patch, Third Party Advisory

Timeline

Published: May 24, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-29237?

How severe is CVE-2022-29237?

CVE-2022-29237 has a CVSS score of 5.4/10 (MEDIUM severity). The EPSS model estimates a 0.54% probability of exploitation in the next 30 days.

How do I fix CVE-2022-29237?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-29237?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST