There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file.
References
Link | Resource |
---|---|
https://cube01.io/blog/Avideo-Remote-Code-Execution.html | Exploit Third Party Advisory |
https://github.com/WWBN/AVideo/commit/218c98cbd4a4a2c15745852bcd0f29faf101bd8c | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-16T17:03:52
Updated: 2020-11-16T17:03:52
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-23490
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-16T18:15:12.360
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-23490
JSON object: View
Redhat Information
No data.
CWE