Back to search
CVE-2017-1000221
Published: Nov 17, 2017
Modified: Sep 16, 2024
PUBLISHED
Description
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://opencast.jira.com/browse/MH-11862
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now