4 matches found
CVE-2020-5231
In Opencast before 7.6 and 8.1, users with the role ROLECOURSEADMIN can use the user-utils endpoint to create new users not including the role ROLEADMIN. ROLECOURSEADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code except for tests but only i...
CVE-2020-5231
In Opencast before 7.6 and 8.1, users with the role ROLECOURSEADMIN can use the user-utils endpoint to create new users not including the role ROLEADMIN. ROLECOURSEADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code except for tests but only i...
CVE-2020-5231 Opencast users with ROLE_COURSE_ADMIN can create new users
In Opencast before 7.6 and 8.1, users with the role ROLECOURSEADMIN can use the user-utils endpoint to create new users not including the role ROLEADMIN. ROLECOURSEADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code except for tests but only i...
CVE-2020-5231
Opencast is affected in versions before 7.6 and before 8.1 where users with the non‑standard ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users (not granting ROLE_ADMIN). Root cause: a misconfiguration in security allowing creation by a course admin. Impact: authorization bypas...