SB2022051931 - Improper access control in Opencast




Published: May 19, 2022 Updated: April 23, 2026

Security Bulletin ID: SB2022051931
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper access control (CVE-ID: CVE-2022-29237)

The vulnerability allows a remote user to bypass organizational barriers.

The vulnerability exists due to improper access control in the ingest REST interface when importing media files from user-supplied URLs. A remote user can supply a URL to a file belonging to another organization to bypass organizational barriers.

Exploitation requires full access to the ingest REST interface and knowledge of internal links to resources in another organization of the same Opencast cluster. Only multi-tenant clusters are affected.


Remediation

Install the update from the vendor's website.