Vulnerabilities > Apereo

DATE CVE VULNERABILITY TITLE RISK
2021-02-18 CVE-2021-21318 Incorrect Authorization vulnerability in Apereo Opencast
Opencast is a free, open-source platform to support the management of educational audio and video content.
network
low complexity
apereo CWE-863
5.5
2020-12-08 CVE-2020-26234 Origin Validation Error vulnerability in Apereo Opencast
Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests.
network
high complexity
apereo CWE-346
2.1
2020-10-16 CVE-2020-27178 Improper Authentication vulnerability in Apereo Central Authentication Service
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.
network
low complexity
apereo CWE-287
5.0
2020-01-30 CVE-2020-5231 Incorrect Default Permissions vulnerability in Apereo Opencast
In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN.
network
low complexity
apereo CWE-276
4.0
2020-01-30 CVE-2020-5206 Improper Authentication vulnerability in Apereo Opencast
In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access.
network
low complexity
apereo CWE-287
6.4
2020-01-30 CVE-2020-5230 Injection vulnerability in Apereo Opencast
Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used.
network
low complexity
apereo CWE-74
5.0
2020-01-30 CVE-2020-5222 USE of Hard-Coded Credentials vulnerability in Apereo Opencast
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key.
network
low complexity
apereo CWE-798
6.5
2020-01-30 CVE-2020-5229 USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Apereo Opencast
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm.
network
low complexity
apereo CWE-327
5.5
2020-01-30 CVE-2020-5228 Missing Authorization vulnerability in Apereo Opencast
Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH.
network
low complexity
apereo CWE-862
5.0
2020-01-24 CVE-2014-4172 Injection vulnerability in multiple products
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.
network
low complexity
apereo debian fedoraproject CWE-74
7.5