Vulnerabilities > CVE-2018-20228 - Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.5

047910
CVSS 6.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
subsonic
CWE-918
NVD
Published: 2018-12-19
Updated: 2019-01-24

Summary

Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.

Vulnerable Configurations

Part Description Count
Application
Subsonic
1

Common Weakness Enumeration (CWE)

Vulner Lab

idVULNERLAB:2175
last seen2019-07-10
modified2018-12-17
published2018-12-17
reporterS.AbenMassaoud [[email protected]] - https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud
sourcehttp://www.vulnerability-lab.com/get_content.php?id=2175
titleSubsonic v6.1.5 - Server Side Request Forgery & CSRF

References