
CVE-2021-43821 Explained : Impact and Mitigation

Opencast before version 9.10 or 10.6 allows access to local files, enabling attackers to include files from Opencast's host machines. Learn the impact of CVE-2021-43821 and how to mitigate the risks.

Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, enabling attackers to include local files from Opencast's host machines.

Understanding CVE-2021-43821

What is CVE-2021-43821?

Opencast is an Open Source Lecture Capture & Video Management system for Education that, before version 9.10 or 10.6, permitted references to local file URLs in ingested media packages, potentially granting attackers access to host machine files.

The Impact of CVE-2021-43821

This vulnerability has a CVSS base score of 9.9 (Critical severity) with high confidentiality, integrity, and availability impacts. Attackers could extract secrets from the host machine and affect files the process has read access to.

Technical Details of CVE-2021-43821

Vulnerability Description

Before version 9.10 or 10.6, Opencast allowed media packages to reference local file URLs, so an attacker who could ingest a media package could make Opencast include files from its host machine.
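To make the defect concrete from the defender's side, the following is an added example (not Opencast's own code) of the kind of check an ingest endpoint needs: it walks every `<url>` element in a media package manifest and rejects anything that is not a remote http(s) reference, which covers `file://` URLs and bare local paths alike. The manifest layout, the namespace string and the sample URLs below are simplified, constructed assumptions for illustration, not the real Opencast manifest format or values from the advisory.

```python
"""Reject local file references in an ingested media package manifest.

Added example, not Opencast's own code. The manifest layout and the
namespace used below are simplified assumptions for illustration.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Schemes an ingest endpoint should accept for element URLs.
ALLOWED_SCHEMES = {"http", "https"}


def classify_url(raw: str) -> str | None:
    """Return a rejection reason for `raw`, or None if it is acceptable."""
    raw = raw.strip()
    parts = urlsplit(raw)  # urlsplit lowercases the scheme for us
    if not parts.scheme:
        # No scheme: a resolver would treat this as a path on the local filesystem.
        return "missing scheme (local path)"
    if parts.scheme not in ALLOWED_SCHEMES:
        # Catches file://, FILE://, drive letters such as c:/, and anything else non-remote.
        return f"disallowed scheme '{parts.scheme}'"
    if not parts.netloc:
        # http:///path has no host and would again resolve locally.
        return "empty host"
    return None


def find_bad_urls(manifest_xml: str) -> list[tuple[str, str]]:
    """Return (url, reason) pairs for every <url> element that must be rejected.

    Tags are compared namespace-agnostically, so the check works whether or
    not the manifest declares a namespace.
    """
    root = ET.fromstring(manifest_xml)
    bad: list[tuple[str, str]] = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # strip any '{namespace}' prefix
        if tag != "url":
            continue
        text = el.text or ""
        reason = classify_url(text)
        if reason is not None:
            bad.append((text.strip(), reason))
    return bad


def ingest_allowed(manifest_xml: str) -> bool:
    """Gate for an ingest handler: True only if every URL is a remote http(s) reference."""
    return not find_bad_urls(manifest_xml)


# Constructed sample manifest (assumed layout): one legitimate remote track,
# one file:// URL and one bare local path. A vulnerable ingest would resolve
# the last two on the Opencast host; this check rejects the whole package.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8"?>
<mediapackage xmlns="http://mediapackage.opencastproject.org" id="example-1">
  <media>
    <track id="track-1" type="presenter/source">
      <url>https://cdn.example.org/lectures/intro.mp4</url>
    </track>
    <track id="track-2" type="presentation/source">
      <url>FILE:///etc/opencast/custom.properties</url>
    </track>
  </media>
  <metadata>
    <catalog id="catalog-1" type="dublincore/episode">
      <url>/var/lib/opencast/episode.xml</url>
    </catalog>
  </metadata>
</mediapackage>
"""

if __name__ == "__main__":
    for url, reason in find_bad_urls(SAMPLE_MANIFEST):
        print(f"REJECT {url!r}: {reason}")
    print("ingest allowed:", ingest_allowed(SAMPLE_MANIFEST))
```

Rejecting the whole package rather than silently dropping the offending element is deliberate: a partially ingested package hides the attempt from operators, whereas a hard rejection can be logged and alerted on. Combined with the permission narrowing described under Mitigation, this limits both what a malicious manifest can reference and what the Opencast process could read even if a reference slipped through.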

Affected Systems and Versions

        Product: Opencast
        Vendor: Opencast
        Versions Affected: < 10.6

Exploitation Mechanism

        Attack Complexity: Low
        Attack Vector: Network
        Privileges Required: Low
        User Interaction: None
        Scope: Changed

Mitigation and Prevention

Immediate Steps to Take

        Update to Opencast versions 10.6 or 11.0, where the issue has been fixed.
        Narrow down Opencast's read access to files using UNIX permissions or SELinux.

Long-Term Security Practices

        Restrict privileges given to users to add new media.
        Regularly update Opencast to the latest versions.
        Implement mandatory access control systems like SELinux.

Patching and Updates

It is highly recommended to update Opencast to versions 10.6 or 11.0 for a permanent fix.
