Information Exposure Affecting org.opencastproject:opencast-ingest-service-impl package, versions [,10.6)
Threat Intelligence
EPSS
0.06% (26th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGOPENCASTPROJECT-2320178
- published 15 Dec 2021
- disclosed 14 Dec 2021
- credit Stephen Marquard, Lars Kiesow, Greg Logan
How to fix?
Upgrade org.opencastproject:opencast-ingest-service-impl
to version 10.6 or higher.
Overview
org.opencastproject:opencast-ingest-service-impl is a free and open source solution for automated video capture and distribution at scale.
Affected versions of this package are vulnerable to Information Exposure. It will try to authenticate against any external services listed in a media package when it is trying to access the files, sending the global system user's credentials, regardless of whether the target is part of the Opencast cluster or not.
References
CVSS Scores
version 3.1