Tautulli 2.1.9 Cross-Site Request Forgery (CSRF) Vulnerability

Summary

In the corresponding version of v2.1.9 by the manufacturer of Tautulli, it has been  discovered that anonymous access can be achieved in applications that do not have a user login area and that the remote media server can be shut down.

Credit:

The information has been provided by Ismail Tasdelen

The original article can be found at:https://github.com/Tautulli/Tautulli/compare/v2.1.9…v2.1.10-beta


Details

In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).

 

Vulnerable Systems:

Tautulli 2.1.9

 

CVE Information:

CVE-2019-19833

 

Disclosure Timeline:
Published Date:12/18/2019

Categories: FeaturedNews