Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-y227-qhhq-2kgg
Vulnerability ID VCID-y227-qhhq-2kgg
Aliases CVE-2020-5229
GHSA-h362-m8f2-5x7c
Summary Password Hashing: Do not use MD5
Status Published
Exploitability 0.5
Weighted Severity 6.9
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2020-5229
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2020-5229
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2020-5229
epss 0.00146 https://api.first.org/data/v1/epss?cve=CVE-2020-5229
cvssv3.1_qr LOW https://github.com/advisories/GHSA-h362-m8f2-5x7c
cvssv3.1 7.7 https://github.com/opencast/opencast/commit/32bfbe5f78e214e2d589f92050228b91d704758e
generic_textual LOW https://github.com/opencast/opencast/commit/32bfbe5f78e214e2d589f92050228b91d704758e
cvssv3.1 7.7 https://github.com/opencast/opencast/security/advisories/GHSA-h362-m8f2-5x7c
cvssv3.1_qr LOW https://github.com/opencast/opencast/security/advisories/GHSA-h362-m8f2-5x7c
generic_textual LOW https://github.com/opencast/opencast/security/advisories/GHSA-h362-m8f2-5x7c
cvssv3.1 7.7 https://nvd.nist.gov/vuln/detail/CVE-2020-5229
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2020-5229
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2020-5229
https://github.com/opencast/opencast/commit/32bfbe5f78e214e2d589f92050228b91d704758e
CVE-2020-5229 https://nvd.nist.gov/vuln/detail/CVE-2020-5229
GHSA-h362-m8f2-5x7c https://github.com/advisories/GHSA-h362-m8f2-5x7c
GHSA-h362-m8f2-5x7c https://github.com/opencast/opencast/security/advisories/GHSA-h362-m8f2-5x7c
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/opencast/opencast/commit/32bfbe5f78e214e2d589f92050228b91d704758e
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/opencast/opencast/security/advisories/GHSA-h362-m8f2-5x7c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-5229
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.3473
EPSS Score 0.00146
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:25:48.337291+00:00 GHSA Importer Import https://github.com/advisories/GHSA-h362-m8f2-5x7c 38.6.0