CVE-2024-31450

{"id": "CVE-2024-31450", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2024-04-19T19:15:06.873", "references": [{"url": "https://github.com/owncast/owncast/blob/v0.1.2/controllers/admin/emoji.go#L63", "source": "security-advisories@github.com"}, {"url": "https://github.com/owncast/owncast/commit/1b14800c7d7f54be14ed4d130bfe7f480645076e", "source": "security-advisories@github.com"}, {"url": "https://github.com/owncast/owncast/releases/tag/v0.1.3", "source": "security-advisories@github.com"}, {"url": "https://securitylab.github.com/advisories/GHSL-2023-277_Owncast/", "source": "security-advisories@github.com"}, {"url": "https://github.com/owncast/owncast/blob/v0.1.2/controllers/admin/emoji.go#L63", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/owncast/owncast/commit/1b14800c7d7f54be14ed4d130bfe7f480645076e", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/owncast/owncast/releases/tag/v0.1.3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://securitylab.github.com/advisories/GHSL-2023-277_Owncast/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are saved on disk. The parameter name is taken from the JSON request and directly appended to the filepath that points to the emoji to delete. By using path traversal sequences (../), attackers with administrative privileges can exploit this endpoint to delete arbitrary files on the system, outside of the emoji directory. This vulnerability is fixed in 0.1.3."}, {"lang": "es", "value": "Owncast es un servidor de chat y transmisi\u00f3n de video en vivo de c\u00f3digo abierto, autohospedado, descentralizado y de un solo usuario. La aplicaci\u00f3n Owncast expone una API de administrador en la URL /api/admin. El endpoint emoji/eliminar de dicha API permite a los administradores eliminar emojis personalizados, que se guardan en el disco. El nombre del par\u00e1metro se toma de la solicitud JSON y se agrega directamente a la ruta del archivo que apunta al emoji que se eliminar\u00e1. Al utilizar secuencias de path traversal (../), los atacantes con privilegios administrativos pueden aprovechar este endpoint para eliminar archivos arbitrarios en el sistema, fuera del directorio emoji. Esta vulnerabilidad se solucion\u00f3 en 0.1.3."}], "lastModified": "2024-11-21T09:13:32.687", "sourceIdentifier": "security-advisories@github.com"}