admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added Opencast

Browse Source
This commit is contained in:
Kurt Seifried 2017-11-16 13:39:23 -07:00
parent 87e2211f6e
commit 6a2587c7b5
No known key found for this signature in database
GPG Key ID: F15CADC4A00F8174
2 changed files with 127 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
2017/1000xxx/CVE-2017-1000217.json Normal file
View File

@ -0,0 +1,65 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.445777",
"ID": "CVE-2017-1000217",
"REQUESTER": "lkiesow@uos.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opencast",
"version": {
"version_data": [
{
"version_value": "2.3.2 and older"
}
]
}
}
]
},
"vendor_name": "Apereo Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://groups.google.com/a/opencast.org/forum/#!forum/security-notices"
},
{
"url": "https://groups.google.com/a/opencast.org/forum/#!topic/security-notices/sCpt0pIPEFg"
}
]
}
}

62
2017/1000xxx/CVE-2017-1000221.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.450633",
"ID": "CVE-2017-1000221",
"REQUESTER": "lkiesow@uos.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Opencast",
"version": {
"version_data": [
{
"version_value": "2.2.3 and older"
}
]
}
}
]
},
"vendor_name": "Apereo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://opencast.jira.com/browse/MH-11862"
}
]
}
}