Cross-Site Request Forgery Vulnerability in Ampache
CVE-2024-51488
What is CVE-2024-51488?
Ampache, a popular web-based audio and video streaming application, has a critical vulnerability in its CSRF token parsing mechanism. The flawed implementation permits malicious actors to forge requests that delete messages for any user, including administrators. When an authenticated user interacts with a carefully crafted request, an attacker can manipulate the session and delete messages without the user's consent. This vulnerability poses a significant threat to user data integrity and application security. Users are strongly advised to upgrade to version 7.0.1 or later to mitigate this risk, as no workarounds are available. Further details on this vulnerability can be found in the official advisory.

Affected Version(s)
ampache < 7.0.1
