Apereo Opencast

20 CVEs affecting Apereo Opencast. Latest disclosed: 2025-10-08. Critical: 1, High: 7.

Top CVEs affecting Apereo Opencast
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-43821 | Critical | 9.9 | 2021-12-14 | Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in inges… |
| CVE-2020-5206 | High | 8.7 | 2020-01-30 | In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if… |
| CVE-2021-32623 | High | 8.1 | 2021-06-16 | Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laugh… |
| CVE-2020-5230 | High | 7.7 | 2020-01-30 | Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security… |
| CVE-2020-5229 | High | 7.7 | 2020-01-30 | Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the… |
| CVE-2020-5228 | High | 7.6 | 2020-01-30 | Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is… |
| CVE-2018-16153 | High | 7.5 | 2023-12-12 | An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary externa… |
| CVE-2021-43807 | High | 7.5 | 2021-12-14 | Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the… |
| CVE-2020-5222 | Medium | 6.8 | 2020-01-30 | Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an… |
| CVE-2025-54380 | Medium | 6.5 | 2025-07-26 | Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly se… |
| CVE-2024-52797 | Medium | 6.5 | 2024-11-21 | Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast's Elasticsearch integrati… |
| CVE-2017-1000221 | Medium | 6.5 | 2017-11-17 | In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access con… |
| CVE-2022-41965 | Medium | 5.7 | 2022-11-28 | Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentica… |
| CVE-2025-61788 | Medium | 5.4 | 2025-10-08 | Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would in… |
| CVE-2022-29237 | Medium | 5.4 | 2022-05-24 | Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URL… |
| CVE-2021-21318 | Medium | 5.4 | 2021-02-18 | Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerabil… |
| CVE-2025-55202 | Medium | 5.3 | 2025-08-29 | Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protec… |
| CVE-2020-26234 | Medium | 4.8 | 2020-12-08 | Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname ver… |
| CVE-2020-5231 | Medium | 4.8 | 2020-01-30 | In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. RO… |
| CVE-2025-61906 | Medium | 4.3 | 2025-10-08 | Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations… |