[MAVEN:GHSA-G95V-3PJ6-J433] Ant Media Server does not properly authorize non-administrative API calls

Severity: Moderate
Affected Packages: 1
CVEs: 1

Ant Media Server Community Edition in a default configuration is vulnerable to improper HTTP header-based authorization, which may allow use of non-administrative API calls that are reserved for authorized users.
All versions up to 2.9.0 (tested), and possibly newer ones, are believed to be vulnerable because the vendor has not confirmed releasing a patch.

Package: pkg:maven/io.antmedia/ant-media-server
Affected Version: <= 2.9.0
ID: MAVEN:GHSA-G95V-3PJ6-J433
Severity: moderate
URL: https://github.com/advisories/GHSA-g95v-3pj6-j433
Published: 2024-05-14T18:30:52
Modified: 2024-05-14T21:37:55
Rights: Maven Security Team

Type: Affected
Package URL: pkg:maven/io.antmedia/ant-media-server
Namespace: io.antmedia
Name / Product: ant-media-server
Version: <= 2.9.0
Distribution / Platform: -
Arch: -
Patch / Fix: -