Apereo Opencast
20 CVEs affecting Apereo Opencast. Latest disclosed: 2025-10-08. Critical: 1, High: 7.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-43821 | Critical | 9.9 | 2021-12-14 | Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in inges… |
| CVE-2020-5206 | High | 8.7 | 2020-01-30 | In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if… |
| CVE-2021-32623 | High | 8.1 | 2021-06-16 | Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laugh… |
| CVE-2020-5230 | High | 7.7 | 2020-01-30 | Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security… |
| CVE-2020-5229 | High | 7.7 | 2020-01-30 | Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the… |
| CVE-2020-5228 | High | 7.6 | 2020-01-30 | Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is… |
| CVE-2018-16153 | High | 7.5 | 2023-12-12 | An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary externa… |
| CVE-2021-43807 | High | 7.5 | 2021-12-14 | Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the… |
| CVE-2020-5222 | Medium | 6.8 | 2020-01-30 | Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an… |
| CVE-2025-54380 | Medium | 6.5 | 2025-07-26 | Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly se… |
| CVE-2024-52797 | Medium | 6.5 | 2024-11-21 | Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast's Elasticsearch integrati… |
| CVE-2017-1000221 | Medium | 6.5 | 2017-11-17 | In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access con… |
| CVE-2022-41965 | Medium | 5.7 | 2022-11-28 | Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentica… |
| CVE-2025-61788 | Medium | 5.4 | 2025-10-08 | Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would in… |
| CVE-2022-29237 | Medium | 5.4 | 2022-05-24 | Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URL… |
| CVE-2021-21318 | Medium | 5.4 | 2021-02-18 | Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerabil… |
| CVE-2025-55202 | Medium | 5.3 | 2025-08-29 | Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protec… |
| CVE-2020-26234 | Medium | 4.8 | 2020-12-08 | Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname ver… |
| CVE-2020-5231 | Medium | 4.8 | 2020-01-30 | In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. RO… |
| CVE-2025-61906 | Medium | 4.3 | 2025-10-08 | Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations… |