Lucene search

CVE-2023-50258

🗓️ 22 Dec 2023 17:09:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov👁 19 Views🌐 WEB

Medusa automatic video library manager for TV shows vulnerable to unauthenticated blind SSRF in versions prior to 1.0.19 fi

Reporter	Title	Published	Views	Family All 3
Prion	Server side request forgery (ssrf)	22 Dec 202317:15	–	prion
Cvelist	CVE-2023-50258 Blind SSRF in `/home/testdiscord` endpoint	22 Dec 202316:55	–	cvelist
NVD	CVE-2023-50258	22 Dec 202317:15	–	nvd

Nvd

Vulners

Node

pymedusa medusaRange<1.0.19

[
  {
    "vendor": "pymedusa",
    "product": "Medusa",
    "versions": [
      {
        "version": "< 1.0.19",
        "status": "affected"
      }
    ]
  }
]

Source	Link
securitylab	www.securitylab.github.com/advisories/GHSL-2023-201_GHSL-2023-202_Medusa/
github	www.github.com/pymedusa/Medusa/security/advisories/GHSA-3hph-6586-qv9g
github	www.github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/server/web/home/handler.py
github	www.github.com/pymedusa/Medusa/releases/tag/v1.0.19
github	www.github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/notifiers/discord.py

Parameter	Position	Path	Description	CWE
discord_webhook	request body	/medusa/notifiers/discord.py	Unauthenticated blind server-side request forgery (SSRF) vulnerability due to improper validation of user-controlled variable.	CWE-918

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 Dec 2023 17:15Current

5.4Medium risk

Vulners AI Score5.4

CVSS35.3

EPSS0.00118

CWE-918