4 matches found
CVE-2023-50259
creationtimestamp| type| source ---|---|--- 2023-12-22 18:23:33+00:00| seen| https://t.me/ctinow/158520 2024-01-03 23:17:15+00:00| seen| https://t.me/ctinow/162652 2024-01-18 10:41:34+00:00| seen| https://t.me/ctinow/169657...
CVE-2023-50259 Blind SSRF in /home/testslack endpoint
Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery SSRF. The testslack request handler in medusa/server/web/home/handler.py does not validate the user-controlled slackwebhook variable and passes i...
CVE-2023-50259 Blind SSRF in /home/testslack endpoint
Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery SSRF. The testslack request handler in medusa/server/web/home/handler.py does not validate the user-controlled slackwebhook variable and passes i...
CVE-2023-50259
CVE-2023-50259 affects Medusa prior to 1.0.19, where the /home/testslack endpoint allows unauthenticated blind SSRF. The issue arises because the testslack handler does not validate the user-controlled slack_webhook URL, passing it to notifiers.slack_notifier.test_notify, then _notify_slack and _...