How severe is CVE-2020-5230?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2020-5230?

This is classified as CWE-99, which is a common weakness in software security.

CVE-2020-5230 - HIGH Severity | CVSS 7.5

Vulnerability Description

Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast's Id.toString(…) vs Id.compact(…) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1.

Related Vulnerabilities

CVE-2016-8615

HIGH

CVSS:7.5(High)

A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies...

CWE-992016

CVE-2019-6545

HIGH

CVSS:7.5(High)

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specia...

CWE-992019

CVE-2023-6603

HIGH

CVSS:7.5(High)

A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization.

CWE-992023

CVE-2025-1642

MEDIUM

CVSS:7.5(High)

A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been declared as critical. This vulnerability affects unknown code of the file /AGE0000700/GetImageMedico?fooId=1. The manipulation o...

CWE-992025

CVE-2020-8177

HIGH

CVSS:7.8(High)

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

CWE-992020

CVE-2023-6605

HIGH

CVSS:7.2(High)

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing mali...

CWE-992023