Vulnerability Description
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lizardbyte | Sunshine | >= 0.10.0, < 0.23.0 |
Related Weaknesses (CWE)
References
- https://github.com/LizardByte/Sunshine/commit/b7aa8119f1471844dccdf73a8b6f7efc9bPatch
- https://github.com/LizardByte/Sunshine/issues/2305ExploitIssue Tracking
- https://github.com/LizardByte/Sunshine/pull/2365Issue TrackingPatch
- https://github.com/LizardByte/Sunshine/security/advisories/GHSA-v8gw-jw28-v55mVendor Advisory
- https://github.com/LizardByte/Sunshine/commit/b7aa8119f1471844dccdf73a8b6f7efc9bPatch
- https://github.com/LizardByte/Sunshine/issues/2305ExploitIssue Tracking
- https://github.com/LizardByte/Sunshine/pull/2365Issue TrackingPatch
- https://github.com/LizardByte/Sunshine/security/advisories/GHSA-v8gw-jw28-v55mVendor Advisory
FAQ
What is CVE-2024-31221?
CVE-2024-31221 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, ...
How severe is CVE-2024-31221?
CVE-2024-31221 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-31221?
Check the references section above for vendor advisories and patch information. Affected products include: Lizardbyte Sunshine.