CVE-2021-21399

Summary

Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and workaround guidance see the referenced GitHub security advisory.

Affected Software

VendorProductVersion RangeStatus
ampacheampache< 4.4.1affected

Weaknesses

  • CWE-284: {"CWE-284":"Improper Access Control"}

ADP Enrichment

CVE Program Container

Additional References

References