Peertube
CVE-2022-0727
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.
AnalysisAI
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-284. Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. Affected products include: Framasoft Peertube. Version information: prior to 4.1.0..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send request
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite lo
This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when ex
The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. Rated medium severity
peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me
Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. Rated medium severity (CVSS 5.4), this vu
This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. Ra
The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. Ra
The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server
Stored XSS in PeerTube before version 8.2.2 allows any authenticated uploader to inject arbitrary HTML and JavaScript in
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today