How severe is CVE-2021-43821?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.7 out of 10.

What type of vulnerability is CVE-2021-43821?

This is classified as CWE-552, which is a common weakness in software security.

CVE-2021-43821

HIGH Year: 2021

CVSS v3 Score

7.7

High

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-552

View all →

Vulnerability Description

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interface. Before Opencast 9.10 and 10.6, Opencast would open and include local files during ingests. Attackers could exploit this to include most local files the process has read access to, extracting secrets from the host machine. An attacker would need to have the privileges required to add new media to exploit this. But these are often widely given. The issue has been fixed in Opencast 10.6 and 11.0. You can mitigate this issue by narrowing down the read access Opencast has to files on the file system using UNIX permissions or mandatory access control systems like SELinux. This cannot prevent access to files Opencast needs to read though and we highly recommend updating.

CVE-2017-15104

HIGH

CVSS:7.8(High)

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi....

CWE-5522017

CVE-2017-16651

HIGH

CVSS:7.8(High)

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the w...

CWE-5522017

CVE-2019-13404

HIGH

CVSS:7.8(High)

The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases bef...

CWE-5522019

CVE-2021-22015

HIGH

CVSS:7.8(High)

The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may ...

CWE-5522021

CVE-2021-3717

HIGH

CVSS:7.8(High)

A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat f...

CWE-5522021

CVE-2022-24138

HIGH

CVSS:7.8(High)

IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low...

CWE-5522022

CVE-2021-43821

Vulnerability Description

Related Vulnerabilities

CVE-2017-15104

CVE-2017-16651

CVE-2019-13404

CVE-2021-22015

CVE-2021-3717

CVE-2022-24138