Skip to main content

Opencast

17 CVEs product

Monthly

CVE-2025-55202 Maven LOW PATCH Monitor

Opencast is a free, open-source platform to support the management of educational audio and video content. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Opencast
NVD GitHub
CVSS 4.0
2.7
EPSS
0.1%
CVE-2024-52797 Maven HIGH PATCH This Week

Opencast is free and open source software for automated video capture and distribution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Elastic Denial Of Service Opencast
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-41965 Maven MEDIUM PATCH This Month

Opencast is a free, open-source platform to support the management of educational audio and video content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Opencast
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-29237 Maven MEDIUM PATCH This Month

Opencast is a free and open source solution for automated video capture and distribution at scale. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-43821 Maven HIGH POC PATCH This Week

Opencast is an Open Source Lecture Capture & Video Management for Education. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Opencast
NVD GitHub
CVSS 3.1
7.7
EPSS
2.0%
CVE-2021-43807 Maven MEDIUM POC PATCH This Month

Opencast is an Open Source Lecture Capture & Video Management for Education. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-32623 Maven MEDIUM POC PATCH This Month

Opencast is a free and open source solution for automated video capture and distribution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Opencast
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-21318 MEDIUM PATCH This Month

Opencast is a free, open-source platform to support the management of educational audio and video content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-26234 Maven MEDIUM PATCH This Month

Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable.

Java Information Disclosure Opencast
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2020-5231 Maven MEDIUM POC PATCH This Month

In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-5206 Maven CRITICAL PATCH Act Now

In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
10.0
EPSS
1.3%
CVE-2020-5230 Maven HIGH PATCH This Week

Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Opencast
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-5222 Maven HIGH PATCH This Week

Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-5229 Maven HIGH PATCH This Week

Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Opencast
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-5228 Maven HIGH PATCH This Week

Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2017-1000221 Maven MEDIUM POC PATCH This Month

In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Opencast
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-1000217 Maven HIGH PATCH This Week

Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Opencast
NVD
CVSS 3.0
8.8
EPSS
0.7%
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Opencast is a free, open-source platform to support the management of educational audio and video content. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Opencast
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Opencast is free and open source software for automated video capture and distribution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Elastic Denial Of Service Opencast
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Opencast is a free, open-source platform to support the management of educational audio and video content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Opencast
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Opencast is a free and open source solution for automated video capture and distribution at scale. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Opencast
NVD GitHub
EPSS 2% CVSS 7.7
HIGH POC PATCH This Week

Opencast is an Open Source Lecture Capture & Video Management for Education. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Opencast
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Opencast is an Open Source Lecture Capture & Video Management for Education. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Authentication Bypass Opencast
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Opencast is a free and open source solution for automated video capture and distribution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Opencast
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Opencast is a free, open-source platform to support the management of educational audio and video content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Opencast
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable.

Java Information Disclosure Opencast
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Opencast
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Opencast
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Opencast
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Opencast
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Opencast
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Opencast
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Opencast
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Opencast
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy