Vulnerabilities > Apereo > Opencast

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2018-16153 Insufficiently Protected Credentials vulnerability in Apereo Opencast
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6.
network
low complexity
apereo CWE-522
7.5
2022-11-28 CVE-2022-41965 Open Redirect vulnerability in Apereo Opencast
Opencast is a free, open-source platform to support the management of educational audio and video content.
network
low complexity
apereo CWE-601
6.1
2022-05-24 CVE-2022-29237 Improper Authentication vulnerability in Apereo Opencast
Opencast is a free and open source solution for automated video capture and distribution at scale.
network
low complexity
apereo CWE-287
5.5
2021-12-14 CVE-2021-43821 Files or Directories Accessible to External Parties vulnerability in Apereo Opencast
Opencast is an Open Source Lecture Capture & Video Management for Education.
network
low complexity
apereo CWE-552
4.0
2021-12-14 CVE-2021-43807 Authentication Bypass by Spoofing vulnerability in Apereo Opencast
Opencast is an Open Source Lecture Capture & Video Management for Education.
network
apereo CWE-290
4.3
2021-06-16 CVE-2021-32623 XML Entity Expansion vulnerability in Apereo Opencast
Opencast is a free and open source solution for automated video capture and distribution.
network
low complexity
apereo CWE-776
4.0
2021-02-18 CVE-2021-21318 Incorrect Authorization vulnerability in Apereo Opencast
Opencast is a free, open-source platform to support the management of educational audio and video content.
network
low complexity
apereo CWE-863
5.5
2020-12-08 CVE-2020-26234 Origin Validation Error vulnerability in Apereo Opencast
Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests.
network
high complexity
apereo CWE-346
2.1
2020-01-30 CVE-2020-5231 Incorrect Default Permissions vulnerability in Apereo Opencast
In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN.
network
low complexity
apereo CWE-276
4.0
2020-01-30 CVE-2020-5206 Improper Authentication vulnerability in Apereo Opencast
In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access.
network
low complexity
apereo CWE-287
6.4