Vulnerability in Opencast
CVE-2020-5230
Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may l…
EPSS: 0.003 (56.0th percentile).
CVSS v3 metric
CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N.
Affected products
- Opencast: versions < 7.6, and versions >= 8.0 but < 8.1
Weakness classification (CWE)
References
- github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq (x_refsource_CONFIRM)
- github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-5230?
  CVE-2020-5230 is a high-severity vulnerability in Opencast, classified under Resource Injection. CVSS score: 7.7/10. Published 2020-01-30.
- How severe is CVE-2020-5230?
  High severity. CVSS v3 base score is 7.7 out of 10.