CVE-2019-19833
MEDIUM
6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM
4,3
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial
Description
AI Translation Available
In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,6552
Percentile
1,0th
Updated
EPSS Score Trend (Last 90 Days)
352
Cross-Site Request Forgery (CSRF)
StableCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Non-Repudiation
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Bypass Protection Mechanism
Read Application Data
Modify Application Data
Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies:
Web Based, Web Server
Application
Tautulli by Tautulli
CPE Identifier
View Detailed Analysis
cpe:2.3:a:tautulli:tautulli:2.1.9:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://packetstormsecurity.com/files/155710/Tautulli-2.1.9-Cross-Site-Request-F…
http://packetstormsecurity.com/files/155974/Tautulli-2.1.9-Denial-Of-Service.ht…
https://github.com/Tautulli/Tautulli/compare/v2.1.9...v2.1.10-beta
http://packetstormsecurity.com/files/155710/Tautulli-2.1.9-Cross-Site-Request-F…
http://packetstormsecurity.com/files/155974/Tautulli-2.1.9-Denial-Of-Service.ht…
https://github.com/Tautulli/Tautulli/compare/v2.1.9...v2.1.10-beta