org.opencastproject:opencast-kernel@16.9 vulnerabilities

latest version

16.10

first published

5 years ago

latest version published

4 months ago

licenses detected

ECL-2.0
[0,)

package registry

View on Maven Central Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.opencastproject:opencast-kernel package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Insufficiently Protected Credentials org.opencastproject:opencast-kernel is a free and open source solution for automated video capture and distribution at scale. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the process of fetching `MediaPackage` elements included in a `MediaPackage` XML file. An attacker can obtain hashed global system account credentials by leveraging ingest permissions to cause the system to send these credentials to a URL under their control. How to fix Insufficiently Protected Credentials? A fix was pushed into the `master` branch but not yet published.	[0,)

Insufficiently Protected Credentials

org.opencastproject:opencast-kernel is a free and open source solution for automated video capture and distribution at scale.

Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the process of fetching MediaPackage elements included in a MediaPackage XML file. An attacker can obtain hashed global system account credentials by leveraging ingest permissions to cause the system to send these credentials to a URL under their control.

How to fix Insufficiently Protected Credentials?

A fix was pushed into the master branch but not yet published.

[0,)

Go back to all versions of this package