CVE-2018-20228 - Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.5

CVSS 8.0 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, subsonic, CWE-918

Summary

Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.

Vulnerable Configurations

Part | Description | Count
Application | Subsonic | 1

Common Weakness Enumeration (CWE)

Vulner Lab

id: VULNERLAB:2175
last seen: 2019-07-10
modified: 2018-12-17
published: 2018-12-17
reporter: S.AbenMassaoud - https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud
source: http://www.vulnerability-lab.com/get_content.php?id=2175
title: Subsonic v6.1.5 - Server Side Request Forgery & CSRF