org.opencastproject:opencast-kernel (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.opencastproject:opencast-kernel, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2020-5206 — CVSS 8.7 (high): In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication…
CVE-2021-32623 — CVSS 8.1 (high): Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable…
CVE-2020-5222 — CVSS 6.8 (medium): Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key…
CVE-2017-1000221 — CVSS 6.5 (medium): In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will…
CVE-2025-54380 — CVSS 6.5 (medium): Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast…
CVE-2020-5231 — CVSS 4.8 (medium): In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the…
CVE-2020-26234 — CVSS 4.8 (medium): Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP…