org.opencastproject:opencast-ingest-service-impl@10.9 vulnerabilities
-
latest version
15.4
-
latest non vulnerable version
-
first published
5 years ago
-
latest version published
a month ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.opencastproject:opencast-ingest-service-impl package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
org.opencastproject:opencast-ingest-service-impl is a free and open source solution for automated video capture and distribution at scale. Affected versions of this package are vulnerable to Access Control Bypass where users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassing organizational barriers. Note: To be able to exploit this vulnerability, attackers must have full access to Opencast's ingest REST interface of an application, and also know internal links to resources in another organization of the same Opencast cluster. Furthermore, users who do not run a multi-tenant cluster are not affected by this issue. How to fix Access Control Bypass? Upgrade |
[,11.7)
|