CVE-2017-1000221: Incorrect Permission Assignment for Critical Resource

November 17, 2017 (updated October 3, 2019)

The Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.

References

nvd.nist.gov/vuln/detail/CVE-2017-1000221
opencast.jira.com/browse/MH-11862

Code Behaviors & Features

Detect and mitigate CVE-2017-1000221 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →