Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2024-47828

Publication date 10 October 2024

Last updated 10 October 2024

Ubuntu priority

Medium

Why this priority?

ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any User with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent.

Status

Package Ubuntu Release Status
ampache 24.04 LTS noble Not in release
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
16.04 LTS xenial
Needs evaluation