Main Vulnerability Database Vulnerabilities #VU42085

Permissions, Privileges, and Access Controls in cantata - CVE-2013-7301

Published: February 2, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU42085

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-7301

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: CDrummond

Affected software:
cantata

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.

How to mitigate CVE-2013-7301

Install update from vendor's website.

Sources

http://seclists.org/oss-sec/2014/q1/121
http://seclists.org/oss-sec/2014/q1/124
https://code.google.com/p/cantata/issues/detail?id=356

Permissions, Privileges, and Access Controls in cantata - CVE-2013-7301

Detailed vulnerability description

How to mitigate CVE-2013-7301

Sources

Please verify you're human