9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
43.7%
Emby Server is prone to a proxy header spoofing vulnerability.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:emby:emby.releases";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.149863");
script_version("2023-10-12T05:05:32+0000");
script_tag(name:"last_modification", value:"2023-10-12 05:05:32 +0000 (Thu, 12 Oct 2023)");
script_tag(name:"creation_date", value:"2023-06-30 03:58:48 +0000 (Fri, 30 Jun 2023)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-07-10 23:24:00 +0000 (Mon, 10 Jul 2023)");
script_cve_id("CVE-2021-25827", "CVE-2023-33193");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Emby Server Proxy Header Spoofing Vulnerability (GHSA-fffj-6fr6-3fgf)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_emby_server_http_detect.nasl");
script_mandatory_keys("emby/media_server/detected");
script_tag(name:"summary", value:"Emby Server is prone to a proxy header spoofing vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Login bypass attack by setting the X-Forwarded-For header to
a local IP-address.");
script_tag(name:"impact", value:"This vulnerability may allow administrative access to an Emby
Server system, depending on certain user account settings. Emby server employs a determination of
'Local Network' vs. 'Non-Local Network' depending on connection parameters of a remote request.
This determination in turn, may affect the behavior of certain features and also the requirements
regarding account logins.
By spoofing certain headers which are intended for interoperation with reverse proxy servers, it
may be possible to affect the local/non-local network determination to allow logging in without
password or to view a list of user accounts which may have no password configured.");
script_tag(name:"affected", value:"Emby Server version 4.7.11 and prior and version 4.8.x through
4.8.0.30.");
script_tag(name:"solution", value:"Update to version 4.7.12, 4.8.0.31 or later.");
script_xref(name:"URL", value:"https://github.com/EmbySupport/security/security/advisories/GHSA-fffj-6fr6-3fgf");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_is_less(version: version, test_version: "4.7.12")) {
report = report_fixed_ver(installed_version: version, fixed_version: "4.7.12", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "4.8.0", test_version_up: "4.8.0.31")) {
report = report_fixed_ver(installed_version: version, fixed_version: "4.8.0.31", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
43.7%