Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and workaround guidance see the referenced GitHub security advisory.
References
Link | Resource |
---|---|
https://github.com/ampache/ampache/security/advisories/GHSA-p9pm-j95j-5mjf | Exploit Mitigation Third Party Advisory |
Configurations
History
21 Oct 2022, 22:43
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 |
19 Apr 2021, 18:13
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://github.com/ampache/ampache/security/advisories/GHSA-p9pm-j95j-5mjf - Exploit, Mitigation, Third Party Advisory |
13 Apr 2021, 20:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-13 20:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-21399
Mitre link : CVE-2021-21399
CVE.ORG link : CVE-2021-21399
JSON object : View
Products Affected
ampache
- ampache