CVE-2017-10002212
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.
- Public exploit or PoC is available
Exploitation evidence
1 of 7 sourcesExploitation momentum
16 days of EPSSCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N- 17 Nov 2017Published to NVD
- 17 Jun 2026Last modified
Public Exploits & PoCs
2ATT&CK techniques
1Techniques this CVE enables. Pills with a solid outline are high confidence - named directly in ATT&CK or Nuclei, or human-curated by CTID; the rest are inferred from the weakness type using MITRE's CVE Mapping Methodology and the CWE → CAPEC chain. Broad, generic-weakness guesses are filtered out. A small N× marks a technique that N independent sources agree on.
▤ Build a SIEM detection for these techniquesCAPEC attack patterns
11Attack patterns this CVE enables - the bridge from weakness to ATT&CK technique.