Ampache is a web-based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache through the Subsonic API. For the attack to succeed, the request must use a username that does not exist on the site, which bypasses the authentication checks. For more details and workaround guidance, see the referenced GitHub security advisory.
References
| Link | Resource |
|---|---|
| https://github.com/ampache/ampache/security/advisories/GHSA-p9pm-j95j-5mjf | Exploit, Mitigation, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-04-13T17:50:13
Updated: 2021-04-13T17:50:13
Reserved: 2020-12-22T00:00:00
Link: CVE-2021-21399
NVD Information
Status: Analyzed
Published: 2021-04-13T20:15:14.843
Modified: 2022-10-21T22:43:22.647
Link: CVE-2021-21399
Red Hat Information
No data.