Main
Vulnerability Database
Exploits
ID:7206 - Exploit for Files or Directories Accessible to External Parties in Opencast - CVE-2021-43821
ID:7206 - Exploit for Files or Directories Accessible to External Parties in Opencast - CVE-2021-43821
Published: December 27, 2021
Vulnerability identifier: #VU59086
Vulnerability risk: Medium
CVE-ID: CVE-2021-43821
CWE-ID: CWE-552
Exploitation vector: Remote access
Vulnerable software:
Opencast
Opencast
Link to public exploit:
Vulnerability description
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to a logic error that allows references to local file URLs in ingested media packages. A remote user can include arbitrary local files from Opencast's host machine and make them publicly available via the web interface.
Remediation
Install updates from vendor's website.