cvelist/2017/1000xxx/CVE-2017-1000221.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
      "DATE_ASSIGNED" : "2017-08-22T17:29:33.450633",
      "ID" : "CVE-2017-1000221",
      "REQUESTER" : "lkiesow@uos.de",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Opencast",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "2.2.3 and older"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Apereo"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Incorrect Access Control"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://opencast.jira.com/browse/MH-11862",
            "refsource" : "CONFIRM",
            "url" : "https://opencast.jira.com/browse/MH-11862"
         }
      ]
   }
}
Added Opencast 2017-11-16 13:39:23 -07:00			`{`
- Synchronized data. 2017-11-17 17:03:34 -05:00			`"CVE_data_meta" : {`
			`"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",`
			`"DATE_ASSIGNED" : "2017-08-22T17:29:33.450633",`
			`"ID" : "CVE-2017-1000221",`
			`"REQUESTER" : "lkiesow@uos.de",`
			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
Added Opencast 2017-11-16 13:39:23 -07:00			`{`
- Synchronized data. 2017-11-17 17:03:34 -05:00			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "Opencast",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "2.2.3 and older"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "Apereo"`
Added Opencast 2017-11-16 13:39:23 -07:00			`}`
- Synchronized data. 2017-11-17 17:03:34 -05:00			`]`
			`}`
			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Incorrect Access Control"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://opencast.jira.com/browse/MH-11862",`
			`"refsource" : "CONFIRM",`
- Synchronized data. 2017-11-17 17:03:34 -05:00			`"url" : "https://opencast.jira.com/browse/MH-11862"`
			`}`
			`]`
			`}`
Added Opencast 2017-11-16 13:39:23 -07:00			`}`