PT-2021-7434 · Opencast · Opencast

Gregorydlogan · Published 2021-12-13 · Updated 2021-12-20 · CVE-2021-43821

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Opencast versions prior to 9.10; Opencast versions prior to 10.6

Description: The issue allows attackers to include local files from Opencast's host machine and make them available via the web interface. This is possible because Opencast would open and include local files during ingests, allowing attackers to extract secrets from the host machine. An attacker would need the privileges required to add new media to exploit this; these privileges are often widely given. The issue can be mitigated by narrowing down the read access Opencast has to files on the file system using UNIX permissions or mandatory access control systems like SELinux.

Recommendations: For Opencast versions prior to 9.10, update to version 9.10 or later. For Opencast versions prior to 10.6, update to version 10.6 or later. As a temporary workaround, consider narrowing down the read access Opencast has to files on the file system using UNIX permissions or mandatory access control systems like SELinux.

Exploit

Fix

Weakness Enumeration

Files Accessible to External Parties
Related Identifiers

BDU:2022-06202
CVE-2021-43821
GHSA-59G4-HPG3-3GCP

Affected Products

Opencast