{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-30T19:05:36.243","vulnerabilities":[{"cve":{"id":"CVE-2020-5231","sourceIdentifier":"security-advisories@github.com","published":"2020-01-30T22:15:10.220","lastModified":"2026-06-17T03:21:04.517","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code (except for tests) but only in the security configuration. From the name – implying an admin for a specific course – users would never expect that this role allows user creation. This issue is fixed in 7.6 and 8.1 which both ship a new default security configuration."},{"lang":"es","value":"En Opencast anterior a las versiones 7.6 y 8.1, los usuarios con el rol ROLE_COURSE_ADMIN pueden usar el punto final user-utils para crear nuevos usuarios sin incluir el rol ROLE_ADMIN. ROLE_COURSE_ADMIN es un rol no estándar en Opencast al que no se hace referencia ni en la documentación ni en ningún código (excepto para las pruebas) sino solo en la configuración de seguridad. Por el nombre, lo que implica un administrador para un curso específico, los usuarios nunca esperarían que este rol permita la creación de usuarios. Este problema se solucionó en 7.6 y 8.1, que incluyen una nueva configuración de seguridad predeterminada."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"opencast","product":"opencast","versions":[{"version":"< 7.6","status":"affected"},{"version":">= 8.0, < 8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-276"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apereo:opencast:*:*:*:*:*:*:*:*","versionEndExcluding":"7.6","matchCriteriaId":"7056094F-6E63-4BFB-B8A3-125746BA882C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apereo:opencast:8.0:*:*:*:*:*:*:*","matchCriteriaId":"4A82AABB-ACF6-4017-99E8-4DA90CE416D7"}]}]}],"references":[{"url":"https://github.com/opencast/opencast/commit/72fad0031d8a82c860e2bde0b27570c5042320ee","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/opencast/opencast/security/advisories/GHSA-94qw-r73x-j7hg","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/opencast/opencast/commit/72fad0031d8a82c860e2bde0b27570c5042320ee","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/opencast/opencast/security/advisories/GHSA-94qw-r73x-j7hg","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}