GHSA-hx44-c87v-p6xg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hx44-c87v-p6xg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hx44-c87v-p6xg/GHSA-hx44-c87v-p6xg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hx44-c87v-p6xg
- Aliases
- Published
- 2022-05-13T01:40:59Z
- Modified
- 2023-11-08T03:58:44.413008Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Opencast has Incorrect Permission Assignment
- Details
-
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLEUSER will have access to recordings published only for ROLEUSER_X.
- Database specific
{ "nvd_published_at": "2017-11-17T22:29:00Z", "github_reviewed_at": "2022-11-08T21:57:59Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-732" ] }- References
Affected packages
Maven / org.opencastproject:opencast-kernel
Package
- Name
- org.opencastproject:opencast-kernel
- View open source insights on deps.dev
- Purl
- pkg:maven/org.opencastproject/opencast-kernel