{ "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24739", "STATE": "PUBLIC", "TITLE": "Server-Side Request Forgery (SSRF) and URL Redirection to Untrusted Site ('Open Redirect') in alltube" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "alltube", "version": { "version_data": [ { "version_value": "< 3.0.3" } ] } } ] }, "vendor_name": "Rudloff" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "alltube is an HTML front end for youtube-dl. In releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact that the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) Version 3.0.3 contains a fix for this vulnerability." 
} ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')" } ] }, { "description": [ { "lang": "eng", "value": "CWE-918: Server-Side Request Forgery (SSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Rudloff/alltube/security/advisories/GHSA-75p7-527p-w8wp", "refsource": "CONFIRM", "url": "https://github.com/Rudloff/alltube/security/advisories/GHSA-75p7-527p-w8wp" }, { "name": "https://github.com/Rudloff/alltube/commit/3a4f09dda0a466662a4e52cde674749e0c668e8d", "refsource": "MISC", "url": "https://github.com/Rudloff/alltube/commit/3a4f09dda0a466662a4e52cde674749e0c668e8d" }, { "name": "https://github.com/Rudloff/alltube/commit/8913f27716400dabf4906a5ad690a5238f73496a", "refsource": "MISC", "url": "https://github.com/Rudloff/alltube/commit/8913f27716400dabf4906a5ad690a5238f73496a" }, { "name": "https://github.com/Rudloff/alltube/commit/bc14b6e45c766c05757fb607ef8d444cbbfba71a", "refsource": "MISC", "url": "https://github.com/Rudloff/alltube/commit/bc14b6e45c766c05757fb607ef8d444cbbfba71a" } ] }, "source": { "advisory": "GHSA-75p7-527p-w8wp", "discovery": "UNKNOWN" } }