Vulnerabilities > Apereo

DATE CVE VULNERABILITY TITLE RISK
2021-12-14 CVE-2021-43821 Files or Directories Accessible to External Parties vulnerability in Apereo Opencast
Opencast is an Open Source Lecture Capture & Video Management for Education.
network
low complexity
apereo CWE-552
4.0
2021-12-14 CVE-2021-43807 Authentication Bypass by Spoofing vulnerability in Apereo Opencast
Opencast is an Open Source Lecture Capture & Video Management for Education.
network
apereo CWE-290
4.3
2021-12-07 CVE-2021-42567 Cross-site Scripting vulnerability in Apereo Central Authentication Service
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.
network
apereo CWE-79
4.3
2021-06-16 CVE-2021-32623 XML Entity Expansion vulnerability in Apereo Opencast
Opencast is a free and open source solution for automated video capture and distribution.
network
low complexity
apereo CWE-776
4.0
2021-02-18 CVE-2021-21318 Incorrect Authorization vulnerability in Apereo Opencast
Opencast is a free, open-source platform to support the management of educational audio and video content.
network
low complexity
apereo CWE-863
5.5
2020-12-08 CVE-2020-26234 Origin Validation Error vulnerability in Apereo Opencast
Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests.
network
high complexity
apereo CWE-346
2.1
2020-10-16 CVE-2020-27178 Improper Authentication vulnerability in Apereo Central Authentication Service
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.
network
low complexity
apereo CWE-287
5.0
2020-01-30 CVE-2020-5231 Incorrect Default Permissions vulnerability in Apereo Opencast
In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN.
network
low complexity
apereo CWE-276
4.0
2020-01-30 CVE-2020-5206 Improper Authentication vulnerability in Apereo Opencast
In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access.
network
low complexity
apereo CWE-287
6.4
2020-01-30 CVE-2020-5230 Injection vulnerability in Apereo Opencast
Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used.
network
low complexity
apereo CWE-74
5.0