AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the pass hash and the recoverPass hash.
References
Link | Resource |
---|---|
https://avideo.tube/ | Vendor Advisory |
https://github.com/WWBN/AVideo/security/advisories/GHSA-xq8j-fhg5-hr39 | Third Party Advisory |
History
21 Nov 2024, 05:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://avideo.tube/ - Vendor Advisory | |
References | () https://github.com/WWBN/AVideo/security/advisories/GHSA-xq8j-fhg5-hr39 - Third Party Advisory | |
CVSS | v2 : v3 : | v2 : 6.5 v3 : 7.7 |
Information
Published : 2021-02-01 16:15
Updated : 2024-11-21 05:47
NVD link : CVE-2021-21286
Mitre link : CVE-2021-21286
CVE.ORG link : CVE-2021-21286
Products Affected
wwbn
- avideo
CWE
CWE-863
Incorrect Authorization