Peertube
CVE-2022-0726
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.
AnalysisAI
Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. Affected products include: Framasoft Peertube. Version information: prior to 4.1.0..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.
The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send request
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite lo
This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when ex
The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. Rated medium severity
peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. Rated medium severity (CVSS 5.4), this
This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. Ra
The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. Ra
The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server
Stored XSS in PeerTube before version 8.2.2 allows any authenticated uploader to inject arbitrary HTML and JavaScript in
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today