Vulnerabilities > Apereo > Opencast

DATE CVE VULNERABILITY TITLE RISK
2020-01-30 CVE-2020-5230 Injection vulnerability in Apereo Opencast
Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used.
network
low complexity
apereo CWE-74
5.0
2020-01-30 CVE-2020-5222 Use of Hard-coded Credentials vulnerability in Apereo Opencast
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key.
network
low complexity
apereo CWE-798
6.5
2020-01-30 CVE-2020-5229 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apereo Opencast
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm.
network
low complexity
apereo CWE-327
5.5
2020-01-30 CVE-2020-5228 Missing Authorization vulnerability in Apereo Opencast
Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH.
network
low complexity
apereo CWE-862
5.0
2017-11-17 CVE-2017-1000221 Incorrect Permission Assignment for Critical Resource vulnerability in Apereo Opencast
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction.
network
low complexity
apereo CWE-732
4.0