Uploaded image for project: 'Opencast'
  1. MH-13189

Paella player in opencast 5.x is vulnerable to script injection

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed and reviewed
    • Affects versions: 5.2
    • Fix versions: None
    • Components: Player

      Description

      Paella player is vulnerable to script injection, making it possible e.g. to craft a title which causes an index rebuild or adds new users if the right people watch that video.

      It is fixed in Opencast 6.0 (paella 6.0), but Opencast 5 (paella 5.2) is still vulnerable.

        TestRail: Results

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                miguelescriva Miguel Escriva
              • Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  TestRail: Cases