Vulnerabilities > Apereo

DATE CVE VULNERABILITY TITLE RISK
2021-12-07 CVE-2021-42567 Cross-site Scripting vulnerability in Apereo Central Authentication Service
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.
network
low complexity
apereo CWE-79
6.1
2021-06-16 CVE-2021-32623 Unspecified vulnerability in Apereo Opencast
Opencast is a free and open source solution for automated video capture and distribution.
network
low complexity
apereo
6.5
2021-02-18 CVE-2021-21318 Unspecified vulnerability in Apereo Opencast
Opencast is a free, open-source platform to support the management of educational audio and video content.
network
low complexity
apereo
5.4
2020-12-08 CVE-2020-26234 Origin Validation Error vulnerability in Apereo Opencast
Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests.
network
high complexity
apereo CWE-346
4.8
2020-10-16 CVE-2020-27178 Unspecified vulnerability in Apereo Central Authentication Service
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.
network
low complexity
apereo
7.5
2020-01-30 CVE-2020-5231 Incorrect Default Permissions vulnerability in Apereo Opencast
In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN.
network
low complexity
apereo CWE-276
6.5
2020-01-30 CVE-2020-5206 Improper Authentication vulnerability in Apereo Opencast
In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access.
network
low complexity
apereo CWE-287
critical
10.0
2020-01-30 CVE-2020-5230 Injection vulnerability in Apereo Opencast
Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used.
network
low complexity
apereo CWE-74
7.5
2020-01-30 CVE-2020-5222 Use of Hard-coded Credentials vulnerability in Apereo Opencast
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key.
network
low complexity
apereo CWE-798
8.8
2020-01-30 CVE-2020-5229 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apereo Opencast
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm.
network
low complexity
apereo CWE-327
8.1