CVE-2020-5231 in Opencast信息

摘要

由 MITRE

In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code (except for tests) but only in the security configuration. From the name ï¿½ implying an admin for a specific course ï¿½ users would never expect that this role allows user creation. This issue is fixed in 7.6 and 8.1 which both ship a new default security configuration.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

负责

GitHub, Inc.

预定

2020-01-02

管理

已接受

条目

VDB-149581

CPE

准备好

CWE

CWE-285 (已确认)

CVSS

4.8 (NVD)

EPSS

0.00229

KEV

否

活动

非常低

来源

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-5231
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5231
CVE Details	https://www.cvedetails.com/cve/CVE-2020-5231/

◂ 上一步一览下一步 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!