CVE-2020-5228 : Security Advisory and Response

Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. Learn about the impact, technical details, and mitigation steps.

Understanding CVE-2020-5228

What is CVE-2020-5228?

Opencast before versions 8.1 and 7.6 permits unauthorized public access to media and metadata through OAI-PMH, potentially exposing sensitive information.

The Impact of CVE-2020-5228

This vulnerability has a CVSS base score of 7.6, indicating a high-severity issue with significant confidentiality impact.

Technical Details of CVE-2020-5228

Vulnerability Description

The flaw in Opencast allows default access to media and metadata via OAI-PMH, potentially leading to unintentional public exposure of content.

Affected Systems and Versions

        Affected versions include Opencast < 7.6 and >= 8.0, < 8.1

Exploitation Mechanism

        Attack Complexity: Low
        Attack Vector: Network
        Privileges Required: Low
        User Interaction: Required
        Scope: Changed

Mitigation and Prevention

Immediate Steps to Take

        Upgrade Opencast to version 7.6 or 8.1 where OAI-PMH requires ROLE_ADMIN by default
        Disable OAI-PMH publication in Opencast 9 to prevent unauthorized access
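
One way to confirm the mitigation on your own deployment, as an added example (not code from Opencast or from this advisory): send an OAI-PMH `Identify` request with no credentials and classify the reply. The endpoint URL is supplied by the operator, the result labels are this example's own, and the sample responses are constructed.

```python
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

OAI_NS = "{http://www.openarchives.org/OAI/2.0/}"  # namespace of OAI-PMH 2.0 replies
MAX_BODY = 1 << 20  # read at most 1 MiB of the response

# Constructed sample replies (not captured from a real server).
SAMPLE_OPEN = (b'<?xml version="1.0"?>'
               b'<OAI-PMH xmlns="http://www.openarchives.org/OAI/2.0/">'
               b'<Identify><repositoryName>constructed</repositoryName></Identify>'
               b'</OAI-PMH>')
SAMPLE_LOGIN = b"<html><body><form action='login'></form></body></html>"


def classify(status: int, body: bytes) -> str:
    """Classify the reply to an OAI-PMH request sent without credentials."""
    if status in (401, 403):
        return "protected"      # authentication is enforced
    if status == 404:
        return "not-served"     # no OAI-PMH repository at this URL
    if status != 200:
        return "inconclusive"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "inconclusive"   # not XML at all
    if root.tag != OAI_NS + "OAI-PMH":
        return "inconclusive"   # e.g. a login page reached through a redirect
    # Any OAI-PMH document, even one holding only <error>, shows that the
    # repository answers anonymous callers.
    return "exposed"


def check(endpoint: str, timeout: float = 10.0) -> str:
    """Request verb=Identify from `endpoint` anonymously and classify the reply."""
    req = urllib.request.Request(endpoint + "?verb=Identify")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read(MAX_BODY))
    except urllib.error.HTTPError as err:
        return classify(err.code, b"")


if __name__ == "__main__" and len(sys.argv) == 2:
    # Argument: full URL of your OAI-PMH repository endpoint.
    print(check(sys.argv[1]))
```

On a version where OAI-PMH requires ROLE_ADMIN, an anonymous check should no longer report `exposed`.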

Long-Term Security Practices

        Regularly review and update access controls and permissions
        Conduct security audits to identify and address vulnerabilities

Patching and Updates

        Apply patches and updates provided by Opencast to address this vulnerability
