CVE-2020-5231 in OpencastИнформация

Сводка

по MITRE

In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code (except for tests) but only in the security configuration. From the name ï¿½ implying an admin for a specific course ï¿½ users would never expect that this role allows user creation. This issue is fixed in 7.6 and 8.1 which both ship a new default security configuration.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

GitHub, Inc.

Резервировать

02.01.2020

Модерация

принято

Вход

VDB-149581

CPE

готов

CWE

CWE-285 (Подтверждённый)

CVSS

4.8 (NVD)

EPSS

0.00229

KEV

Нет

Деятельности

Очень низкий

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-5231
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5231
CVE Details	https://www.cvedetails.com/cve/CVE-2020-5231/

◂ Предыдущий Обзор Далее ▸

Want to know what is going to be exploited?

We predict KEV entries!