CVE-2024-51488

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 11, 2024
Updated: Nov 14, 2024
CWE ID 352

Summary

CVE-2024-51488 is a vulnerability affecting Ampache, a web-based audio/video streaming application and file manager. The current implementation of token parsing in Ampache fails to properly validate CSRF tokens during message deletion. An attacker can exploit this weakness to perform CSRF attacks that delete messages for any user, including administrators, when that user interacts with a malicious request. Users are urged to upgrade to version 7.0.1 to mitigate this risk, as there are currently no known workarounds for this vulnerability.
