Opencast Ignores Recording Permissions In Some Cases

Greg Logan

May 31, 2018, 1:42:56 PM
to security...@opencast.org
Hello,
this is the official security notice regarding a minor security issue
recently discovered in Opencast versions earlier than 3.5, and 4.3.

Description:

   Recordings without XACML catalogs attached may allow public access to
   the content.


Affects:

   This issue affects Opencast versions earlier than 3.5, and 4.3.


Details:

   Opencast relies on XACML catalogs internally to maintain its access
   control lists so it can restrict access to media unless the user has
   appropriate roles.  An issue has been identified which allowed
   unauthenticated access to media if this catalog is missing.  While this
   is not likely to occur by default, we felt it was appropriate to issue a
   security advisory when we resolved the issue.  This issue is filed at:

   https://opencast.jira.com/browse/MH-12841

Patching the system:

   Patches for this issue are included in Opencast 3.6, and 4.4.

Credits:

   This issue was discovered and fixed by Lars Kiesow (University of
   Osnabruck)
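Added example (not part of the advisory and not Opencast code): a small audit that flags media packages with no XACML element, the condition described under "Details", together with a fail-closed access check that denies when no ACL is present. The flavor prefix "security/xacml", the media package XML layout, the function names and the sample packages are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: XACML ACLs are media package elements whose "type" (flavor)
# starts with this prefix, e.g. "security/xacml+episode".
XACML_FLAVOR_PREFIX = "security/xacml"

# Constructed sample media packages (ids and layout are illustrative only).
SAMPLE_WITH_ACL = """<mediapackage xmlns="http://mediapackage.opencastproject.org" id="mp-constructed-1">
  <media><track id="t1" type="presenter/delivery"/></media>
  <attachments><attachment id="a1" type="security/xacml+episode"/></attachments>
</mediapackage>"""
SAMPLE_WITHOUT_ACL = """<mediapackage xmlns="http://mediapackage.opencastproject.org" id="mp-constructed-2">
  <media><track id="t1" type="presenter/delivery"/></media>
  <metadata><catalog id="c1" type="dublincore/episode"/></metadata>
</mediapackage>"""


def xacml_flavors(root):
    """Return the flavors of every XACML element under a parsed media package."""
    return [
        el.get("type")
        for el in root.iter()
        if (el.get("type") or "").startswith(XACML_FLAVOR_PREFIX)
    ]


def audit(packages):
    """Map media package id -> 'ok' or 'NO-XACML' (recording needs review).

    Input is expected to be XML exported from your own system, not
    untrusted data.
    """
    report = {}
    for xml_text in packages:
        root = ET.fromstring(xml_text)
        mp_id = root.get("id", "<no id>")
        report[mp_id] = "ok" if xacml_flavors(root) else "NO-XACML"
    return report


def may_read(acl_roles, user_roles):
    """Fail-closed check: a missing ACL (None) denies instead of allowing."""
    if acl_roles is None:
        return False
    return bool(set(acl_roles) & set(user_roles))


if __name__ == "__main__":
    for mp_id, status in audit([SAMPLE_WITH_ACL, SAMPLE_WITHOUT_ACL]).items():
        print(mp_id, status)
```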