The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Attackers can send ActivityPub activities to PeerTube's "inbox" endpoint. By abusing the "Create Activity" functionality, it is possible to create crafted playlists which will cause either denial of service or an attacker-controlled blind SSRF.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HFramasoft Peertube
APPFramasoft< 7.1.1
Powiązane podatności
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an i...
peertube is vulnerable to Improper Access Control
peertube is vulnerable to Server-Side Request Forgery (SSRF)
The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persiste...
The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube RE...