Veracode Vulnerability DatabaseVERACODE:33347Privilege Escalation
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
org.opencastproject:opencast-ingest-service-impl is vulnerable to privilege escalation. An authenticated attacker is able to extract secrets from the host machine via exploiting local files with read access resulting in privilege escalation vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| opencast :: ingest-service-impl | le | 10.5 | |
| opencast :: ingest-service-impl | le | 10.5 |
References
github.com/opencast/opencast/blob/69952463971cf578363e3b97d8edaf334ff51253/modules/ingest-service-impl/src/main/java/org/opencastproject/ingest/impl/IngestServiceImpl.java#L1587
github.com/opencast/opencast/commit/65c46b9d3e8f045c544881059923134571897764
github.com/opencast/opencast/security/advisories/GHSA-59g4-hpg3-3gcp
mvnrepository.com/artifact/org.opencastproject/opencast-ingest-service-impl
Related
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N