CVE-2017-1000221
Opencast has Incorrect Permission Assignment
6.5
MEDIUM
CVSS 3.1
EPSS 0.21%
Description
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.
How to fix CVE-2017-1000221
To remediate CVE-2017-1000221, upgrade the affected package to a fixed version below.
- —upgrade to 2.2.4 or later
Is CVE-2017-1000221 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.2.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |