CVE-2022-29237 is a vulnerability in Apereo Opencast
Published on May 24, 2022

Limited Authentication Bypass for Media Files in Opencast
Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassing organizational barriers. Attackers must have full access to Opencast's ingest REST interface, and also know internal links to resources in another organization of the same Opencast cluster. Users who do not run a multi-tenant cluster are not affected by this issue. This issue is fixed in Opencast 10.14 and 11.7.


Vulnerability Analysis

CVE-2022-29237 can be exploited with network access and requires a small amount of user privileges. The vulnerability is considered to have a low attack complexity. An exploit is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

Weakness Type

What is an Authentication Vulnerability?

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

CVE-2022-29237 has been classified as an authentication vulnerability or weakness.


Products Associated with CVE-2022-29237


Affected Versions

opencast:

Vulnerable Packages

The following package name and versions may be associated with CVE-2022-29237:

Package Manager | Vulnerable Package                               | Versions         | Fixed In
maven           | org.opencastproject:opencast-ingest-service-impl | < 10.14          | 10.14
maven           | org.opencastproject:opencast-ingest-service-impl | >= 11.0, < 11.7  | 11.7

Exploit Probability

EPSS: 0.15%
Percentile: 34.72%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.