A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a CSRF attack and send them to the attacker.
References
| Link | Resource |
|---|---|
| https://gist.github.com/omriinbar/3c741d309e5d0ede29dc7ecdad4eba3f | Exploit, Third Party Advisory |
| https://gist.github.com/omriinbar/8277193731d0edf20ef71299f304ab93 | Third Party Advisory |
| https://github.com/streamaserver/streama | Product, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-29T19:02:00
Updated: 2021-09-29T19:02:00
Reserved: 2021-09-27T00:00:00
Link: CVE-2021-41764
NVD Information
Status: Analyzed
Published: 2021-09-29T20:15:08.703
Modified: 2021-10-03T00:56:27.517
Link: CVE-2021-41764
Redhat Information
No data.
CWE