19 matches found
CVE-2022-0508
Server-Side Request Forgery SSRF in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832...
CVE-2022-0881 Insecure Storage of Sensitive Information in chocobozzz/peertube
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1...
PeerTube 安全漏洞
PeerTube is a decentralized video sharing service platform. It is used to create video projects. PeerTube suffers from a security vulnerability that stems from the insecure storage of sensitive information in the chocobozzz peertube...
CVE-2022-0727
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0...
CVE-2022-0726
Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0...
CVE-2022-0726
Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0...
Improper access control
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0...
CVE-2022-0727 Improper Access Control in chocobozzz/peertube
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0...
CVE-2022-0727 Improper Access Control in chocobozzz/peertube
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0...
CVE-2022-0726 Missing Authorization in chocobozzz/peertube
Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0...
Improper Authorization in chocobozzz/peertube
Description The app doesn't check the status of video when making data changes. Normal users can create new comment or reply comment in private videos. Proof of Concept note: I'm using instance p.lu for testing - Step 1: Login as video test1 and upload private video. Get video ID of private video...
CVE-2022-0508
Server-Side Request Forgery SSRF in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832...
CVE-2022-0508
Server-Side Request Forgery SSRF in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832...
CVE-2022-0508 Server-Side Request Forgery (SSRF) in chocobozzz/peertube
Server-Side Request Forgery SSRF in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832...
Server-Side Request Forgery (SSRF) in chocobozzz/peertube
Description First of all, Thanks to my friend Haxatron for his excellent report I read the fix commit, and I found out that the code only Checked the IP addresses and didn't check the domain names that refer to a private IP address Steps to reproduce first, set up a local server at 127.0.0.2:8000...
CVE-2022-0170 Improper Access Control in chocobozzz/peertube
peertube is vulnerable to Improper Access Control...
CVE-2022-0133 Improper Access Control in chocobozzz/peertube
peertube is vulnerable to Improper Access Control...
Improper Access Control in chocobozzz/peertube
Description Unauthenticated users can obtain the caption of private videos Proof of Concept 1: First, create a private video and upload a caption 2: As an unauthenticated user, logout and visit the /api/v1/videos/1/captions 3: The response should return a lazy-static URL...