CVE-2024-22416 - Vulnerability Details - OpenCVE

ReportizFlow

pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pyload-ng Project	Pyload-ng

Configuration 1 [-]

cpe:2.3:a:pyload-ng_project:pyload-ng:*:*:*:*:*:python:*:*

No data.

References

Link	Providers
https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e
https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc
https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-17T23:48:31.422Z

Updated: 2024-08-01T22:43:34.922Z

Reserved: 2024-01-10T15:09:55.552Z

Link: CVE-2024-22416

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-18T00:15:38.397

Modified: 2024-11-21T08:56:14.540

Link: CVE-2024-22416

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22416", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-10T15:09:55.552Z", "datePublished": "2024-01-17T23:48:31.422Z", "dateUpdated": "2024-08-01T22:43:34.922Z"}, "containers": {"cna": {"title": "Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm"}, {"name": "https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e", "tags": ["x_refsource_MISC"], "url": "https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e"}, {"name": "https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc", "tags": ["x_refsource_MISC"], "url": "https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc"}], "affected": [{"vendor": "pyload", "product": "pyload", "versions": [{"version": "< 0.5.0b3.dev78", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-17T23:48:31.422Z"}, "descriptions": [{"lang": "en", "value": "pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade."}], "source": {"advisory": "GHSA-pgpj-v85q-h5fm", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.922Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm"}, {"name": "https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e"}, {"name": "https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pyload-ng_project:pyload-ng:*:*:*:*:*:python:*:*", "matchCriteriaId": "DD4F56D8-B2D0-4DDE-B8FD-51F372957087", "versionEndExcluding": "0.5.0b3.dev78", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade."}, {"lang": "es", "value": "pyLoad es un administrador de descargas gratuito y de c\u00f3digo abierto escrito en Python puro. La API `pyload` permite realizar cualquier llamada a la API mediante solicitudes GET. Dado que la cookie de sesi\u00f3n no est\u00e1 configurada en \"SameSite: strict\", esto abre la librer\u00eda a graves posibilidades de ataque a trav\u00e9s de un ataque de Cross-Site Request Forgery (CSRF). Como resultado, cualquier llamada a la API puede realizarse mediante un ataque CSRF por parte de un usuario no autenticado. Este problema se solucion\u00f3 en la versi\u00f3n `0.5.0b3.dev78`. Se recomienda a todos los usuarios que actualicen."}], "id": "CVE-2024-22416", "lastModified": "2024-11-21T08:56:14.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-01-18T00:15:38.397", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "[email protected]", "type": "Primary"}]}