cvedb.io
CVE-2017-1000221
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2017-11-17T22:29:00.363 · Last modified 2026-06-17T00:58:55.943

Summary

In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.

Affected products

apereo — opencast

Does this affect you?

Add your gear to cvedb and we'll alert you only when apereo ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.