Home > Vulnerability Database > CVE-2022-29237

Mend.io Vulnerability Database

CVE-2022-29237

Good to know:

Date: May 24, 2022

Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassing organizational barriers. Attackers must have full access to Opencast's ingest REST interface, and also know internal links to resources in another organization of the same Opencast cluster. Users who do not run a multi-tenant cluster are not affected by this issue. This issue is fixed in Opencast 10.14 and 11.7.

Language: Java

Severity Score

5.4

Related Resources (4)

Url: https://github.com/opencast/opencast/security/advisories/GHSA-qm6v-cg9v-53j3

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-29237

Url: https://github.com/opencast/opencast/commit/8d5ec1614eed109b812bc27b0c6d3214e456d4e7

Url: https://www.mend.io/vulnerability-database/CVE-2022-29237

Severity Score

5.4

Weakness Type (CWE)

Authentication Issues

CWE-287

Top Fix

Upgrade Version

Upgrade to version org.opencastproject:opencast-ingest-service-impl:11.7

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-29237

Good to know:

Date: May 24, 2022

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?