Strix
26.1K

CVE-2024-47828

MEDIUMCVSS 6.5/10EPSS 0.29%

Last modified

CVE-2024-47828 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). EPSS estimates a 0.29% chance of exploitation in the next 30 days.

Description

ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any User with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS Probability
0.29%

20.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AmpacheAmpache<= 6.6.0

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-47828?
ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any User with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent.
How severe is CVE-2024-47828?
CVE-2024-47828 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.29% probability of exploitation in the next 30 days.
How do I fix CVE-2024-47828?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-47828?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST