CVE-2024-47828

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47828
ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any User with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/ampache/ampache/security/advisories/GHSA-p9cq-2qph-55f2 Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*
History

17 Oct 2024, 13:55

Type Values Removed Values Added
CPE cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*
First Time Ampache
Ampache ampache
References () https://github.com/ampache/ampache/security/advisories/GHSA-p9cq-2qph-55f2 - () https://github.com/ampache/ampache/security/advisories/GHSA-p9cq-2qph-55f2 - Exploit, Vendor Advisory
CVSS v2 : unknown
v3 : 5.3 		v2 : unknown
v3 : 6.5

10 Oct 2024, 12:51

Type Values Removed Values Added
Summary
  • (es) Ampache es una aplicación de transmisión de audio y video basada en la Web y un administrador de archivos. Se puede realizar un ataque CSRF para eliminar objetos (listas de reproducción, listas inteligentes, etc.). Cross-Site Request Forgery (CSRF) es un ataque que obliga a los usuarios autenticados a enviar una solicitud a una aplicación Web en la que están autenticados actualmente. Esta vulnerabilidad se puede explotar mediante la creación de un script malicioso con una ID de lista de reproducción arbitraria que pertenece a otro usuario. Cuando el usuario envía la solicitud, se eliminará su lista de reproducción. Cualquier usuario con sesiones activas que sea engañado para enviar una solicitud maliciosa se verá afectado, ya que sus listas de reproducción u otros objetos podrían eliminarse sin su consentimiento.

09 Oct 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-09 19:15

Updated : 2024-10-17 13:55

NVD link : CVE-2024-47828

Mitre link : CVE-2024-47828

CVE.ORG link : CVE-2024-47828

JSON object : View

Products Affected

ampache

  • ampache
CWE
CWE-352

Cross-Site Request Forgery (CSRF)


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024