A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a CSRF attack and send them to the attacker.
References
Link | Resource |
---|---|
https://gist.github.com/omriinbar/3c741d309e5d0ede29dc7ecdad4eba3f | Exploit Third Party Advisory |
https://gist.github.com/omriinbar/8277193731d0edf20ef71299f304ab93 | Third Party Advisory |
https://github.com/streamaserver/streama | Product Third Party Advisory |
https://gist.github.com/omriinbar/3c741d309e5d0ede29dc7ecdad4eba3f | Exploit Third Party Advisory |
https://gist.github.com/omriinbar/8277193731d0edf20ef71299f304ab93 | Third Party Advisory |
https://github.com/streamaserver/streama | Product Third Party Advisory |
Configurations
History
21 Nov 2024, 06:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://gist.github.com/omriinbar/3c741d309e5d0ede29dc7ecdad4eba3f - Exploit, Third Party Advisory | |
References | () https://gist.github.com/omriinbar/8277193731d0edf20ef71299f304ab93 - Third Party Advisory | |
References | () https://github.com/streamaserver/streama - Product, Third Party Advisory |
Information
Published : 2021-09-29 20:15
Updated : 2024-11-21 06:26
NVD link : CVE-2021-41764
Mitre link : CVE-2021-41764
CVE.ORG link : CVE-2021-41764
JSON object : View
Products Affected
streama_project
- streama
CWE
CWE-352
Cross-Site Request Forgery (CSRF)