Описание
AVideo versions prior to 20.1 are vulnerable to an insecure direct object reference (IDOR) that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or edit permissions for the targeted video.
Уязвимые конфигурации
Конфигурация 1Версия до 20.0 (исключая)
cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.00061
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 6.5
github
около 2 месяцев назад
AVideo versions prior to 20.0 are vulnerable to an insecure direct object reference (IDOR) that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or edit permissions for the targeted video.
EPSS
Процентиль: 19%
0.00061
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-639