CVE-2021-21286 - Incorrect Authorization vulnerability in Wwbn Avideo 10.1/8.9

CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
CWE-863

Summary

AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the pass hash and the recoverPass hash.

Vulnerable Configurations

Part         Description  Count
Application  Wwbn         3

Common Weakness Enumeration (CWE)