CVE-2017-1000221

Name of the Vulnerable Software and Affected Versions Opencast versions 2.2.3 and older

Description The Opencast search service, used for publication to media modules and players, incorrectly handles access control when user names overlap. This allows users to access recordings by matching only part of the restricted user name. For instance, a user with the role ROLE USER can access recordings published for ROLE USER X.

Recommendations For Opencast versions 2.2.3 and older, consider restricting access to the search service until a fix is available, or ensure that user names do not overlap to minimize the risk of incorrect access control. At the moment, there is no information about a newer version that contains a fix for this vulnerability.