Opencast Global System Account Credential Exposure Vulnerability

Vulnerability

A vulnerability in Opencast versions prior to 17.6 allows for the unintended transmission of hashed global system account credentials when fetching mediapackage elements from a mediapackage XML file. This issue arises because Opencast would send these credentials to any specified URL, regardless of whether it was part of the Opencast cluster. The vulnerability could be exploited by anyone with ingest permissions, who could cause Opencast to send its hashed credentials to a chosen URL.

Impact

Exploitation of this vulnerability could lead to the exposure of hashed global system account credentials, which could potentially be cracked and used to impersonate the account.

Reproduction

The vulnerability can be reproduced by uploading a mediapackage that includes elements referencing external URLs. Opencast will then send requests to these URLs, inadvertently including the hashed global system account credentials in the headers. This behavior can be tested by monitoring the target URL for the presence of these credentials.

Remediation

Users can upgrade to Opencast version 17.6 or later, where this issue has been addressed.

Added: Jul 26, 2025, 4:42 AM
Updated: Jul 26, 2025, 4:42 AM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 2.5
exploitability: 6.4
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.