Details of VAR-201812-1298

ID

VAR-201812-1298

TITLE

Subsonic server-side request forgery vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-25689

DESCRIPTION

Subsonic is a media file hosting platform. A request forgery vulnerability exists on the Subsonic server. The vulnerability is located in the "internetRadioSettings.view" module and the "streamUrl" parameter of the localhost path URL. Allows remote attackers to hijack Internet wireless current authentication.

Trust: 0.6

sources: CNVD: CNVD-2018-25689

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-25689

AFFECTED PRODUCTS

vendor:

subsonic

model:

subsonic

scope:

version:

6.1.5

Trust: 0.6

sources: CNVD: CNVD-2018-25689

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-25689
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2018-25689
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-25689

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-25689

Trust: 0.6

sources: CNVD: CNVD-2018-25689

REFERENCES

url:

https://www.vulnerability-lab.com/get_content.php?id=2175

Trust: 0.6

sources: CNVD: CNVD-2018-25689

SOURCES

db:

CNVD

id:

CNVD-2018-25689

LAST UPDATE DATE

2022-05-04T09:50:55.208000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-25689

date:

2018-12-18T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-25689

date:

2018-12-17T00:00:00