CVE-2021-21318: Incorrect Authorization

February 18, 2021 (updated February 26, 2021)

Opencast is a free, open-source platform to support the management of educational audio and video content.On removal of an episode, this may lead to an access control list for series metadata with broader access rules than the merged access rules of all remaining events, or the series metadata still being available although all episodes of that series have been removed. This problem is fixed in Opencast

References

github.com/opencast/opencast/commit/b18c6a7f81f08ed14884592a6c14c9ab611ad450
github.com/opencast/opencast/security/advisories/GHSA-vpc2-3wcv-qj4w
nvd.nist.gov/vuln/detail/CVE-2021-21318

Detect and mitigate CVE-2021-21318 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →