CVE-2021-21318

Name of the Vulnerable Software and Affected Versions Opencast versions prior to 9.2

Description The issue affects Opencast, a free, open-source platform for managing educational audio and video content. In affected versions, publishing an episode with strict access rules overwrites the currently set series access, allowing for easy denial of access for all users without superuser privileges and effectively hiding the series. Access to series and series metadata on the search service depends on the events published, which are part of the series. However, affected versions of Opencast may not update the series access or remove a published series if an event is being removed, leading to inconsistent access control lists or series metadata still being available after all episodes have been removed.

Recommendations For Opencast versions prior to 9.2, update to version 9.2 to resolve the issue.