Authentication Bypass

2020-01-3102:53:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.002

Percentile

51.3%

JSON

opencast-kernel is vulnerable to authentication bypass. The vulnerability exists as media publication via OAI-PMH allows unauthenticated public access to all media and metadata by default.

References

github.com/opencast/opencast/blob/1fb812c7810c78f09f29a7f455ff920417924307/etc/security/mh_default_org.xml#L271-L276

github.com/opencast/opencast/commit/74bfb708a6c0b8ffe3e8ab67e1a78dacbb6f2225

github.com/opencast/opencast/security/advisories/GHSA-6f54-3qr9-pjgj

EPSS

0.002

Percentile

51.3%

JSON

Related for VERACODE:22415