Search criteria
9 vulnerabilities found for frigate by frigate
FKIE_CVE-2023-45672
Vulnerability from fkie_nvd - Published: 2023-10-30 23:15 - Updated: 2024-11-21 08:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frigate:frigate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4732404-ED83-4426-AAA2-7BA34EDDD6BD",
"versionEndIncluding": "0.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:frigate:frigate:0.13.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C166CCC4-B65F-467C-B9C7-716181142D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:frigate:frigate:0.13.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "950A7EE4-7B30-482E-824D-81BD4DC707F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user\u0027s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user\u0027s Frigate instance; attacker crafts a specialized page which links to the user\u0027s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch."
},
{
"lang": "es",
"value": "Frigate es una grabadora de v\u00eddeo en red de c\u00f3digo abierto. Antes de la versi\u00f3n 0.13.0 Beta 3, se identific\u00f3 una vulnerabilidad de deserializaci\u00f3n insegura en los endpoints utilizados para guardar configuraciones para Frigate. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo no autenticado. Esto se puede realizar a trav\u00e9s de la interfaz de usuario en `/config` o mediante una llamada directa a `/api/config/save`. Explotar esta vulnerabilidad requiere que el atacante conozca informaci\u00f3n muy espec\u00edfica sobre el servidor Frigate de un usuario y requiere que se enga\u00f1e a un usuario autenticado para que haga clic en un enlace especialmente manipulado a su instancia de Frigate. Esta vulnerabilidad podr\u00eda ser aprovechada por un atacante en las siguientes circunstancias: Fragata expuesta p\u00fablicamente a Internet (incluso con autenticaci\u00f3n); el atacante conoce la direcci\u00f3n de la instancia de Frigate de un usuario; el atacante crea una p\u00e1gina especializada que enlaza con la instancia de Frigate del usuario; El atacante encuentra una manera de lograr que un usuario autenticado visite su p\u00e1gina especializada y haga clic en el bot\u00f3n/enlace. La entrada se acepta inicialmente a trav\u00e9s de `http.py`. Luego, la entrada proporcionada por el usuario se analiza y carga mediante `load_config_with_no_duplicates`. Sin embargo, `load_config_with_no_duplicates` no sanitiza esta entrada por el m\u00e9rito de usar `yaml.loader.Loader`, que puede crear instancias de constructores personalizados. Un payload proporcionado se ejecutar\u00e1 directamente en `frigate/util/builtin.py:110`. Este problema puede provocar una ejecuci\u00f3n remota de c\u00f3digo previamente autenticada. La versi\u00f3n 0.13.0 Beta 3 contiene un parche."
}
],
"id": "CVE-2023-45672",
"lastModified": "2024-11-21T08:27:11.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-30T23:15:08.697",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/config.py#L1244-L1244"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L998-L998"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/util/builtin.py#L110-L110"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428"
},
{
"source": "security-advisories@github.com",
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/config.py#L1244-L1244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L998-L998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/util/builtin.py#L110-L110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-45670
Vulnerability from fkie_nvd - Published: 2023-10-30 23:15 - Updated: 2024-11-21 08:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
Summary
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via "drive-by" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frigate:frigate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4732404-ED83-4426-AAA2-7BA34EDDD6BD",
"versionEndIncluding": "0.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:frigate:frigate:0.13.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C166CCC4-B65F-467C-B9C7-716181142D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:frigate:frigate:0.13.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "950A7EE4-7B30-482E-824D-81BD4DC707F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via \"drive-by\" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user\u0027s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user\u0027s Frigate instance; attacker crafts a specialized page which links to the user\u0027s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch."
},
{
"lang": "es",
"value": "Frigate es una grabadora de v\u00eddeo en red de c\u00f3digo abierto. Antes de la versi\u00f3n 0.13.0 Beta 3, los endpoints `config/save` y `config/set` de Frigate no implementan ninguna protecci\u00f3n CSRF. Esto hace posible que una solicitud procedente de otro sitio actualice la configuraci\u00f3n del servidor Frigate (por ejemplo, mediante un ataque \"drive-by\"). Explotar esta vulnerabilidad requiere que el atacante conozca informaci\u00f3n muy espec\u00edfica sobre el servidor Frigate de un usuario y requiere que se enga\u00f1e a un usuario autenticado para que haga clic en un enlace especialmente manipulado a su instancia de Frigate. Esta vulnerabilidad podr\u00eda ser aprovechada por un atacante en las siguientes circunstancias: Fragata expuesta p\u00fablicamente a Internet (incluso con autenticaci\u00f3n); el atacante conoce la direcci\u00f3n de la instancia de Frigate de un usuario; el atacante crea una p\u00e1gina especializada que enlaza con la instancia de Frigate del usuario; El atacante encuentra una manera de lograr que un usuario autenticado visite su p\u00e1gina especializada y haga clic en el bot\u00f3n/enlace. Este problema puede provocar actualizaciones de configuraci\u00f3n arbitrarias para el servidor Frigate, lo que resulta en denegaci\u00f3n de servicio y posible filtraci\u00f3n de datos. La versi\u00f3n 0.13.0 Beta 3 contiene un parche."
}
],
"id": "CVE-2023-45670",
"lastModified": "2024-11-21T08:27:10.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-30T23:15:08.543",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://about.gitlab.com/blog/2021/09/07/why-are-developers-vulnerable-to-driveby-attacks/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L1060"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/blakeblackshear/frigate/blob/6aedc39a9a421cf48000a727f36b4c1495848a1d/frigate/http.py#L998"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/blakeblackshear/frigate/discussions/8366"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-xq49-hv88-jr6h"
},
{
"source": "security-advisories@github.com",
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://about.gitlab.com/blog/2021/09/07/why-are-developers-vulnerable-to-driveby-attacks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L1060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/blakeblackshear/frigate/blob/6aedc39a9a421cf48000a727f36b4c1495848a1d/frigate/http.py#L998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/blakeblackshear/frigate/discussions/8366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-xq49-hv88-jr6h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-45671
Vulnerability from fkie_nvd - Published: 2023-10-30 23:15 - Updated: 2024-11-21 08:27
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
4.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
4.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frigate:frigate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4732404-ED83-4426-AAA2-7BA34EDDD6BD",
"versionEndIncluding": "0.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:frigate:frigate:0.13.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C166CCC4-B65F-467C-B9C7-716181142D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:frigate:frigate:0.13.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "950A7EE4-7B30-482E-824D-81BD4DC707F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/\u003ccamera_name\u003e` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user\u0027s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user\u0027s Frigate instance; attacker crafts a specialized page which links to the user\u0027s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue."
},
{
"lang": "es",
"value": "Frigate es una grabadora de v\u00eddeo en red de c\u00f3digo abierto. Antes de la versi\u00f3n 0.13.0 Beta 3, hab\u00eda una vulnerabilidad de cross-site scripting reflejada en cualquier endpoint de API que dependiera de la ruta base `/`, ya que los valores proporcionados para la ruta no est\u00e1n sanitizados. Explotar esta vulnerabilidad requiere que el atacante conozca informaci\u00f3n muy espec\u00edfica sobre el servidor Frigate de un usuario y requiere que se enga\u00f1e a un usuario autenticado para que haga clic en un enlace especialmente manipulado a su instancia de Frigate. Esta vulnerabilidad podr\u00eda ser aprovechada por un atacante en las siguientes circunstancias: Fragata expuesta p\u00fablicamente a Internet (incluso con autenticaci\u00f3n); el atacante conoce la direcci\u00f3n de la instancia de Frigate de un usuario; el atacante crea una p\u00e1gina especializada que enlaza con la instancia de Frigate del usuario; El atacante encuentra una manera de lograr que un usuario autenticado visite su p\u00e1gina especializada y haga clic en el bot\u00f3n/enlace. Como los valores reflejados incluidos en la URL no se sanitiza ni se escapan, esto permite la ejecuci\u00f3n de payloads de Javascript arbitrarios. La versi\u00f3n 0.13.0 Beta 3 contiene un parche para este problema."
}
],
"id": "CVE-2023-45671",
"lastModified": "2024-11-21T08:27:10.983",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-30T23:15:08.620",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-jjxc-m35j-p56f"
},
{
"source": "security-advisories@github.com",
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-jjxc-m35j-p56f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CVE-2023-45672 (GCVE-0-2023-45672)
Vulnerability from cvelistv5 – Published: 2023-10-30 22:49 – Updated: 2024-08-02 20:21
VLAI?
Title
Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py`
Summary
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch.
Severity ?
7.5 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| blakeblackshear | frigate |
Affected:
< 0.13.0-beta3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/config.py#L1244-L1244",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/config.py#L1244-L1244"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L998-L998",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L998-L998"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/util/builtin.py#L110-L110",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/util/builtin.py#L110-L110"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "frigate",
"vendor": "blakeblackshear",
"versions": [
{
"status": "affected",
"version": "\u003c 0.13.0-beta3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user\u0027s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user\u0027s Frigate instance; attacker crafts a specialized page which links to the user\u0027s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T19:40:37.540Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/config.py#L1244-L1244",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/config.py#L1244-L1244"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L998-L998",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L998-L998"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/util/builtin.py#L110-L110",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/util/builtin.py#L110-L110"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"source": {
"advisory": "GHSA-qp3h-4q62-p428",
"discovery": "UNKNOWN"
},
"title": "Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45672",
"datePublished": "2023-10-30T22:49:45.755Z",
"dateReserved": "2023-10-10T14:36:40.861Z",
"dateUpdated": "2024-08-02T20:21:16.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45671 (GCVE-0-2023-45671)
Vulnerability from cvelistv5 – Published: 2023-10-30 22:41 – Updated: 2024-08-02 20:21
VLAI?
Title
Frigate reflected XSS through `/<camera_name>` API endpoints
Summary
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.
Severity ?
4.7 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| blakeblackshear | frigate |
Affected:
< 0.13.0-beta3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-jjxc-m35j-p56f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-jjxc-m35j-p56f"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "frigate",
"vendor": "blakeblackshear",
"versions": [
{
"status": "affected",
"version": "\u003c 0.13.0-beta3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/\u003ccamera_name\u003e` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user\u0027s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user\u0027s Frigate instance; attacker crafts a specialized page which links to the user\u0027s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T19:41:08.602Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-jjxc-m35j-p56f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-jjxc-m35j-p56f"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"source": {
"advisory": "GHSA-jjxc-m35j-p56f",
"discovery": "UNKNOWN"
},
"title": "Frigate reflected XSS through `/\u003ccamera_name\u003e` API endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45671",
"datePublished": "2023-10-30T22:41:17.276Z",
"dateReserved": "2023-10-10T14:36:40.861Z",
"dateUpdated": "2024-08-02T20:21:16.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45670 (GCVE-0-2023-45670)
Vulnerability from cvelistv5 – Published: 2023-10-30 22:38 – Updated: 2024-08-02 20:21
VLAI?
Title
Frigate cross-site request forgery in `config_save` and `config_set` request handlers
Summary
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via "drive-by" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch.
Severity ?
7.5 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| blakeblackshear | frigate |
Affected:
< 0.13.0-beta3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-xq49-hv88-jr6h",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-xq49-hv88-jr6h"
},
{
"name": "https://about.gitlab.com/blog/2021/09/07/why-are-developers-vulnerable-to-driveby-attacks/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://about.gitlab.com/blog/2021/09/07/why-are-developers-vulnerable-to-driveby-attacks/"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L1060",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L1060"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/6aedc39a9a421cf48000a727f36b4c1495848a1d/frigate/http.py#L998",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/blob/6aedc39a9a421cf48000a727f36b4c1495848a1d/frigate/http.py#L998"
},
{
"name": "https://github.com/blakeblackshear/frigate/discussions/8366",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/discussions/8366"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "frigate",
"vendor": "blakeblackshear",
"versions": [
{
"status": "affected",
"version": "\u003c 0.13.0-beta3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via \"drive-by\" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user\u0027s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user\u0027s Frigate instance; attacker crafts a specialized page which links to the user\u0027s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T19:41:30.165Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-xq49-hv88-jr6h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-xq49-hv88-jr6h"
},
{
"name": "https://about.gitlab.com/blog/2021/09/07/why-are-developers-vulnerable-to-driveby-attacks/",
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/blog/2021/09/07/why-are-developers-vulnerable-to-driveby-attacks/"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L1060",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L1060"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/6aedc39a9a421cf48000a727f36b4c1495848a1d/frigate/http.py#L998",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blakeblackshear/frigate/blob/6aedc39a9a421cf48000a727f36b4c1495848a1d/frigate/http.py#L998"
},
{
"name": "https://github.com/blakeblackshear/frigate/discussions/8366",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blakeblackshear/frigate/discussions/8366"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"source": {
"advisory": "GHSA-xq49-hv88-jr6h",
"discovery": "UNKNOWN"
},
"title": "Frigate cross-site request forgery in `config_save` and `config_set` request handlers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45670",
"datePublished": "2023-10-30T22:38:19.118Z",
"dateReserved": "2023-10-10T14:36:40.861Z",
"dateUpdated": "2024-08-02T20:21:16.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45672 (GCVE-0-2023-45672)
Vulnerability from nvd – Published: 2023-10-30 22:49 – Updated: 2024-08-02 20:21
VLAI?
Title
Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py`
Summary
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch.
Severity ?
7.5 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| blakeblackshear | frigate |
Affected:
< 0.13.0-beta3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/config.py#L1244-L1244",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/config.py#L1244-L1244"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L998-L998",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L998-L998"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/util/builtin.py#L110-L110",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/util/builtin.py#L110-L110"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "frigate",
"vendor": "blakeblackshear",
"versions": [
{
"status": "affected",
"version": "\u003c 0.13.0-beta3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user\u0027s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user\u0027s Frigate instance; attacker crafts a specialized page which links to the user\u0027s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T19:40:37.540Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/config.py#L1244-L1244",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/config.py#L1244-L1244"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L998-L998",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L998-L998"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/util/builtin.py#L110-L110",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/util/builtin.py#L110-L110"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"source": {
"advisory": "GHSA-qp3h-4q62-p428",
"discovery": "UNKNOWN"
},
"title": "Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45672",
"datePublished": "2023-10-30T22:49:45.755Z",
"dateReserved": "2023-10-10T14:36:40.861Z",
"dateUpdated": "2024-08-02T20:21:16.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45671 (GCVE-0-2023-45671)
Vulnerability from nvd – Published: 2023-10-30 22:41 – Updated: 2024-08-02 20:21
VLAI?
Title
Frigate reflected XSS through `/<camera_name>` API endpoints
Summary
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.
Severity ?
4.7 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| blakeblackshear | frigate |
Affected:
< 0.13.0-beta3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-jjxc-m35j-p56f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-jjxc-m35j-p56f"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "frigate",
"vendor": "blakeblackshear",
"versions": [
{
"status": "affected",
"version": "\u003c 0.13.0-beta3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/\u003ccamera_name\u003e` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user\u0027s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user\u0027s Frigate instance; attacker crafts a specialized page which links to the user\u0027s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T19:41:08.602Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-jjxc-m35j-p56f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-jjxc-m35j-p56f"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"source": {
"advisory": "GHSA-jjxc-m35j-p56f",
"discovery": "UNKNOWN"
},
"title": "Frigate reflected XSS through `/\u003ccamera_name\u003e` API endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45671",
"datePublished": "2023-10-30T22:41:17.276Z",
"dateReserved": "2023-10-10T14:36:40.861Z",
"dateUpdated": "2024-08-02T20:21:16.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45670 (GCVE-0-2023-45670)
Vulnerability from nvd – Published: 2023-10-30 22:38 – Updated: 2024-08-02 20:21
VLAI?
Title
Frigate cross-site request forgery in `config_save` and `config_set` request handlers
Summary
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via "drive-by" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch.
Severity ?
7.5 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| blakeblackshear | frigate |
Affected:
< 0.13.0-beta3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-xq49-hv88-jr6h",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-xq49-hv88-jr6h"
},
{
"name": "https://about.gitlab.com/blog/2021/09/07/why-are-developers-vulnerable-to-driveby-attacks/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://about.gitlab.com/blog/2021/09/07/why-are-developers-vulnerable-to-driveby-attacks/"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L1060",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L1060"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/6aedc39a9a421cf48000a727f36b4c1495848a1d/frigate/http.py#L998",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/blob/6aedc39a9a421cf48000a727f36b4c1495848a1d/frigate/http.py#L998"
},
{
"name": "https://github.com/blakeblackshear/frigate/discussions/8366",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blakeblackshear/frigate/discussions/8366"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "frigate",
"vendor": "blakeblackshear",
"versions": [
{
"status": "affected",
"version": "\u003c 0.13.0-beta3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via \"drive-by\" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user\u0027s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user\u0027s Frigate instance; attacker crafts a specialized page which links to the user\u0027s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T19:41:30.165Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-xq49-hv88-jr6h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/blakeblackshear/frigate/security/advisories/GHSA-xq49-hv88-jr6h"
},
{
"name": "https://about.gitlab.com/blog/2021/09/07/why-are-developers-vulnerable-to-driveby-attacks/",
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/blog/2021/09/07/why-are-developers-vulnerable-to-driveby-attacks/"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L1060",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L1060"
},
{
"name": "https://github.com/blakeblackshear/frigate/blob/6aedc39a9a421cf48000a727f36b4c1495848a1d/frigate/http.py#L998",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blakeblackshear/frigate/blob/6aedc39a9a421cf48000a727f36b4c1495848a1d/frigate/http.py#L998"
},
{
"name": "https://github.com/blakeblackshear/frigate/discussions/8366",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blakeblackshear/frigate/discussions/8366"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/"
}
],
"source": {
"advisory": "GHSA-xq49-hv88-jr6h",
"discovery": "UNKNOWN"
},
"title": "Frigate cross-site request forgery in `config_save` and `config_set` request handlers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45670",
"datePublished": "2023-10-30T22:38:19.118Z",
"dateReserved": "2023-10-10T14:36:40.861Z",
"dateUpdated": "2024-08-02T20:21:16.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}