Skip to main content

Peertube CVE-2022-0726

MEDIUM
Missing Authorization (CWE-862)
2022-02-23 security@huntr.dev
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 23, 2022 - 14:15 nvd
MEDIUM 5.4

DescriptionNVD

Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.

AnalysisAI

Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. Affected products include: Framasoft Peertube. Version information: prior to 4.1.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.

CVE-2025-32948 HIGH POC
7.5 Apr 15

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send request

CVE-2025-32947 HIGH POC
7.5 Apr 15

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite lo

CVE-2025-32949 MEDIUM POC
6.5 Apr 15

This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when ex

CVE-2025-32944 MEDIUM POC
6.5 Apr 15

The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.

CVE-2022-0881 MEDIUM POC
6.5 Mar 09

Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. Rated medium severity

CVE-2021-3780 MEDIUM POC
6.1 Sep 15

peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me

CVE-2022-0727 MEDIUM POC
5.4 Feb 23

Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. Rated medium severity (CVSS 5.4), this

CVE-2025-32946 MEDIUM POC
5.3 Apr 15

This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. Ra

CVE-2025-32945 MEDIUM POC
4.3 Apr 15

The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. Ra

CVE-2025-32943 LOW POC
3.7 Apr 15

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server

CVE-2026-57167 MEDIUM
5.1 Jul 10

Stored XSS in PeerTube before version 8.2.2 allows any authenticated uploader to inject arbitrary HTML and JavaScript in

Share

CVE-2022-0726 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy