Vulnerability in Apereo Opencast
CVE-2021-43807
Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET r…
EPSS: 0.014 (69.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Apereo Opencast
- Opencast — versions < 9.10
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM, Exploit, Patch, Third Party Advisory)
- security-advisories@github.com (Patch, Third Party Advisory, x_refsource_MISC)
- security-advisories@github.com (Patch, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-43807?
- CVE-2021-43807 is a high-severity vulnerability in Apereo Opencast, classified under Authentication Bypass by Spoofing. CVSS score: 7.5/10. Published 2021-12-14.
- How severe is CVE-2021-43807?
- High severity. CVSS v3 base score is 7.5 out of 10.