CVE-2024-51489
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Nov 11, 2024
Updated: Nov 14, 2024
CWE ID 352
Summary
CVE-2024-51489 is a cross-site request forgery (CSRF) vulnerability affecting the Ampache media streaming application. The current implementation of token parsing fails to properly validate CSRF tokens when users send messages. An attacker can exploit this weakness to launch CSRF attacks that send malicious messages to any user, including administrators, if a user interacts with a manipulated request. Ampache users are urged to upgrade to version 7.0.1 to mitigate this risk; no known workarounds for this vulnerability have been identified.
Affected Products
- Ampache
Affected Vendors
- Ampache