Lucene search
K

246 matches found

Cvelist
Cvelist
added 2022/11/28 12:0 a.m.24 views

CVE-2022-41965 Opencast Authenticated OpenRedirect Vulnerability

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to...

5.7CVSS6.3AI score0.00347EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/28 12:0 a.m.3 views

PT-2022-26189 · Opencast · Opencast

Name of the Vulnerable Software and Affected Versions: Opencast versions prior to 12.5 Description: The vulnerability in Opencast's Paella authentication page allows attackers to redirect authenticated users to arbitrary URLs, potentially facilitating phishing attacks or other security issues. Th...

6.1CVSS6.2AI score0.00347EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2022/11/28 12:0 a.m.11 views

CVE-2022-41965 Opencast Authenticated OpenRedirect Vulnerability

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to...

5.7CVSS6.1AI score0.00347EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/10/12 12:0 a.m.10 views

The vulnerability of the application for automatic capture, processing, management, and distribution of Opencast videos, related to the use of files and directories accessible to external parties, allows a violator to gain unauthorized access to protected information.

The vulnerability of the application for automatic capture, processing, management, and distribution of Opencast videos involves the use of files and directories accessible to external parties. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized...

9.9CVSS7.3AI score0.01964EPSS
Exploits1References6Affected Software1
OpenVAS
OpenVAS
added 2022/09/12 12:0 a.m.37 views

Opencast < 9.10, 10.x < 10.6 Log4j RCE Vulnerability (GHSA-mf4f-j588-5xm8, Log4Shell)

Opencast is prone to a remote code execution RCE vulnerability in the Apache Log4j library dubbed SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

10CVSS10AI score0.99999EPSS
Exploits351References7
OpenVAS
OpenVAS
added 2022/05/26 12:0 a.m.23 views

Opencast < 10.6 Unauthorized File Access Vulnerability

Opencast is prone to a unauthorized file access vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

9.9CVSS7.5AI score0.01964EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2022/05/26 12:0 a.m.14 views

Opencast < 10.14, 11.x < 11.7 Improper Authentication Vulnerability

Opencast is prone to a improper authentication vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

5.5CVSS5.6AI score0.00541EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/05/26 12:0 a.m.13 views

Opencast < 9.10 HTTP Method Spoofing Vulnerability

Opencast is prone to an HTTP method spoofing vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

7.5CVSS6.5AI score0.01416EPSS
Exploits1References3
OSV
OSV
added 2022/05/25 8:16 p.m.21 views

GHSA-QM6V-CG9V-53J3 Limited Authentication Bypass for Media Files

Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassing organizational barriers. Impact The vulnerability allows attackers to bypass organizational...

5.4CVSS5.1AI score0.00541EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/25 8:16 p.m.31 views

Limited Authentication Bypass for Media Files

Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassing organizational barriers. Impact The vulnerability allows attackers to bypass organizational...

5.5CVSS5.2AI score0.00541EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/05/25 6:11 a.m.29 views

Authentication Bypass

Opencast-ingest-service-impl is vulnerable to authentication bypass. The vulnerability exists in addContentToRepo function in IngestServiceImpl.java because opencast doesn't properly restrict users when passing URLs which allows an attacker to gain access and bypass organizational barriers...

5.4CVSS5.9AI score0.00541EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/05/24 3:15 p.m.28 views

CVE-2022-29237

Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassin...

5.5CVSS0.00541EPSS
Exploits0References2
Prion
Prion
added 2022/05/24 3:15 p.m.16 views

Double free

Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassin...

5.5CVSS5.2AI score0.00541EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/24 2:40 p.m.9 views

CVE-2022-29237 Limited Authentication Bypass for Media Files in Opencast

Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassin...

5.4CVSS5.2AI score0.00541EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 2:40 p.m.25 views

CVE-2022-29237 Limited Authentication Bypass for Media Files in Opencast

Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassin...

5.4CVSS5.2AI score0.00541EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/05/24 2:40 p.m.28 views

CVE-2022-29237 Limited Authentication Bypass for Media Files in Opencast

Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassin...

5.4CVSS5.4AI score0.00541EPSS
Exploits0References2
CVE
CVE
added 2022/05/24 2:40 p.m.103 views

CVE-2022-29237

Opencast exposes a cross-tenant access flaw: before versions 10.14 and 11.7, an attacker with full access to the ingest REST interface and knowledge of internal links could import files from another organization within the same multi-tenant cluster, bypassing organizational barriers. The issue is...

5.5CVSS5.1AI score0.00541EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/05/24 12:0 a.m.4 views

Opencast 授权问题漏洞

Opencast is a live video support software for large-scale automated video capture, management and distribution from the Opencast organization. An authorization issue vulnerability exists in Opencast prior to version 10.14 and prior to version 11.7, which stems from the fact that a user can pass i...

5.5CVSS5.7AI score0.00541EPSS
Exploits0References3
OSV
OSV
added 2022/05/14 1:6 a.m.19 views

GHSA-QWFV-5JWJ-582H Opencast RCE Vulnerability

Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0...

8.8CVSS8.8AI score0.01878EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 1:6 a.m.26 views

Opencast RCE Vulnerability

Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0...

8.8CVSS7.4AI score0.01878EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder