CVE-2019-19833 — MEDIUM (6.5)

Vulnerability Description

In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tautulli	Tautulli	2.1.9

Related Weaknesses (CWE)

CWE-352

References

http://packetstormsecurity.com/files/155710/Tautulli-2.1.9-Cross-Site-Request-FoExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155974/Tautulli-2.1.9-Denial-Of-Service.htmExploitThird Party AdvisoryVDB Entry
https://github.com/Tautulli/Tautulli/compare/v2.1.9...v2.1.10-betaRelease NotesThird Party Advisory
http://packetstormsecurity.com/files/155710/Tautulli-2.1.9-Cross-Site-Request-FoExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155974/Tautulli-2.1.9-Denial-Of-Service.htmExploitThird Party AdvisoryVDB Entry
https://github.com/Tautulli/Tautulli/compare/v2.1.9...v2.1.10-betaRelease NotesThird Party Advisory

FAQ

What is CVE-2019-19833?

CVE-2019-19833 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).

How severe is CVE-2019-19833?

CVE-2019-19833 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-19833?

Check the references section above for vendor advisories and patch information. Affected products include: Tautulli Tautulli.