CVE-2024-52797: Searching Opencast may cause a denial of service

November 20, 2024

First noticed in Opencast 13 and 14, Opencast’s Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable search queries. From Opencast version 11.4 and newer, Elasticsearch queries are retried a configurable number of times in the case of error to handle temporary losses of connection to Elasticsearch. These invalid queries would fail, causing the retry mechanism to begin requerying with the same syntactically invalid query immediately, in an infinite loop. This causes a massive increase in log size which can in some cases cause a denial of service due to disk exhaustion.

References

github.com/advisories/GHSA-jh6x-7xfg-9cq2
github.com/opencast/opencast
github.com/opencast/opencast/pull/5033
github.com/opencast/opencast/pull/5150
github.com/opencast/opencast/security/advisories/GHSA-jh6x-7xfg-9cq2
nvd.nist.gov/vuln/detail/CVE-2024-52797

Detect and mitigate CVE-2024-52797 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →