CVSS3: 8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001 Low (Percentile: 34.8%)

ZoneMinder is a free, open source closed-circuit television software
application. In affected versions, authenticated users can bypass CSRF keys
by modifying the request supplied to the ZoneMinder web application. These
modifications include replacing HTTP POST with HTTP GET and removing the
CSRF key from the request. An attacker can take advantage of this by using
an HTTP GET request to perform actions with no CSRF protection. This could
allow an attacker to cause an authenticated user to perform unexpected
actions on the web application. Users are advised to upgrade as soon as
possible. There are no known workarounds for this issue.
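
The check that fails in the way described above, next to a method-independent one, as an added framework-neutral model that is not ZoneMinder's code. The parameter names `action` and `csrf_token`, the token value and the sample requests are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field

SESSION_TOKEN = "constructed-sample-token"  # constructed value, not a real key


@dataclass
class Request:
    method: str
    params: dict = field(default_factory=dict)  # merged query/body parameters


def token_ok(req: Request) -> bool:
    # "csrf_token" is a hypothetical parameter name; compare in constant time.
    supplied = str(req.params.get("csrf_token", ""))
    return hmac.compare_digest(supplied.encode(), SESSION_TOKEN.encode())


def flawed_gate(req: Request) -> bool:
    """Validates the token on POST only; any other method passes unchecked."""
    if req.method == "POST":
        return token_ok(req)
    return True  # a GET carrying the same action never reaches the check


def hardened_gate(req: Request) -> bool:
    """Any request naming an action must be a POST with a valid token."""
    if "action" not in req.params:  # "action" is a hypothetical parameter name
        return True  # read-only page view, nothing to protect
    return req.method == "POST" and token_ok(req)


# Constructed sample requests: (label, request)
SAMPLES = [
    ("POST with token", Request("POST", {"action": "save", "csrf_token": SESSION_TOKEN})),
    ("POST without token", Request("POST", {"action": "save"})),
    ("GET without token", Request("GET", {"action": "save"})),
    ("GET page view", Request("GET", {"view": "console"})),
]


def compare_gates():
    """Return {label: (flawed_result, hardened_result)} for the samples."""
    return {label: (flawed_gate(r), hardened_gate(r)) for label, r in SAMPLES}


if __name__ == "__main__":
    for label, (flawed, hardened) in compare_gates().items():
        print(f"{label:20} flawed={flawed!s:5} hardened={hardened}")
```

The two gates disagree only on the GET request that names an action without a token, which is the request shape a regression test for this class of bug should cover.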

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | zoneminder | < any | UNKNOWN |
ubuntu | 22.04 | noarch | zoneminder | < any | UNKNOWN |
ubuntu | 23.10 | noarch | zoneminder | < any | UNKNOWN |
ubuntu | 24.04 | noarch | zoneminder | < any | UNKNOWN |
ubuntu | 16.04 | noarch | zoneminder | < any | UNKNOWN |