Path traversal in Opencast - CVE-2020-5230

 


Published: January 29, 2020 / Updated: April 23, 2026


Vulnerability identifier: #VU127017
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-5230
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apereo Foundation
Affected software:
Opencast

Detailed vulnerability description

The vulnerability allows a remote attacker to write files to unintended locations.

The vulnerability exists due to improper input validation in identifier handling for media packages and elements when using identifiers in file system operations. A remote attacker can supply a crafted identifier to write files to unintended locations.
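The flaw class described above, shown next to a hardened form. This is an added example, not Opencast code: the storage layout (root/media package id/element id/file name), the function names and the identifier allowlist are assumptions made for illustration.

```python
import re
from pathlib import Path

# Assumed allowlist (not Opencast's actual rule): one path component made of
# letters, digits, '.', '_' and '-', starting with a letter or digit.
ID_PATTERN = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


class InvalidIdentifier(ValueError):
    """Raised when an identifier cannot be used safely as a path component."""


def check_id(value: str, kind: str) -> str:
    # Reject separators, '..', empty strings, NUL bytes and anything else
    # outside the allowlist before the value reaches the file system.
    if not isinstance(value, str) or not ID_PATTERN.fullmatch(value):
        raise InvalidIdentifier(f"invalid {kind}: {value!r}")
    return value


def naive_element_path(root, media_package_id, element_id, filename) -> Path:
    # The flawed pattern: identifiers are joined into the path unchecked.
    return Path(root).resolve().joinpath(media_package_id, element_id, filename).resolve()


def element_path(root, media_package_id, element_id, filename) -> Path:
    base = Path(root).resolve()
    target = base.joinpath(
        check_id(media_package_id, "media package id"),
        check_id(element_id, "element id"),
        check_id(filename, "file name"),
    ).resolve()
    # Second check: the resolved path must still sit under the storage root,
    # which also catches a symlink inside the root that points elsewhere.
    if base not in target.parents:
        raise InvalidIdentifier(f"path escapes storage root: {target}")
    return target


if __name__ == "__main__":
    root = "/srv/example-storage"  # constructed sample root
    crafted = "../../outside"      # constructed sample identifier
    print("naive   :", naive_element_path(root, crafted, "track-1", "video.mp4"))
    try:
        element_path(root, crafted, "track-1", "video.mp4")
    except InvalidIdentifier as exc:
        print("hardened:", exc)
    print("valid   :", element_path(root, "mp-1234", "track-1", "video.mp4"))
```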


How to mitigate CVE-2020-5230

Install the security update from the vendor's website.
