Cross-Site Request Forgery Vulnerability in Streama by Streama Server
CVE-2021-41764

8.8HIGH

Key Information:

Vendor

Streama Project

Status
Streama
Vendor
CVE Published:
29 September 2021

What is CVE-2021-41764?

A CSRF vulnerability in Streama allows attackers to exploit the application by performing unauthorized actions without proper checks. The absence of CSRF protections permits a logged-in administrator to unknowingly upload arbitrary local files, which can then be accessed or manipulated by the attacker. This vulnerability underscores the importance of implementing adequate security measures to safeguard administrative actions against CSRF attacks.

References

https://github.com/streamaserver/streama
x_refsource_MISC
https://gist.github.com/omriinbar/3c741d309e5d0ede29dc7ec...
x_refsource_MISC
https://gist.github.com/omriinbar/8277193731d0edf20ef7129...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2021-41764 : Cross-Site Request Forgery Vulnerability in Streama by Streama Server