SB2021021830 - Improper access control in Opencast




Published: February 18, 2021 Updated: April 23, 2026

Security Bulletin ID: SB2021021830
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper access control (CVE-ID: CVE-2021-21318)

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in search-service-impl when an event is removed from a published series. A remote user can remove an episode and thereby disclose sensitive information.

The issue can leave series metadata accessible with broader access rules than those of the remaining events, or keep series metadata available after all episodes in the series have been removed.


Remediation

Install the update from the vendor's website.