CVE-2013-7301

Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://seclists.org/oss-sec/2014/q1/121
https://code.google.com/p/cantata/issues/detail?id=356	Exploit
http://seclists.org/oss-sec/2014/q1/124

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:craig_drummond:cantata:0.9.0:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.8.3.1:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.8.3:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.8.2:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.1.2:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.1.1:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.1.0:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.0.3:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.0.2:::::::*
	cpe:2.3:a:craig_drummond:cantata::::::::
	cpe:2.3:a:craig_drummond:cantata:1.1.3:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.0.0:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.7.1:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.9.1:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.9.2:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.8.1:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.0.1:::::::*
	cpe:2.3:a:craig_drummond:cantata:1.2.0:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.8.0:::::::*
	cpe:2.3:a:craig_drummond:cantata:0.7.0:::::::*

Information

Published : 2014-02-01 16:55

Updated : 2014-02-03 10:44

NVD link : CVE-2013-7301

Mitre link : CVE-2013-7301

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

craig_drummond

cantata

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://seclists.org/oss-sec/2014/q1/121", "name": "[oss-security] 20140120 CVE request: Cantata vulnerability", "tags": [], "refsource": "MLIST"}, {"url": "https://code.google.com/p/cantata/issues/detail?id=356", "name": "https://code.google.com/p/cantata/issues/detail?id=356", "tags": ["Exploit"], "refsource": "CONFIRM"}, {"url": "http://seclists.org/oss-sec/2014/q1/124", "name": "[oss-security] 20140120 Re: CVE request: Cantata vulnerability", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-7301", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-02-02T00:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:0.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:0.8.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:0.8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:0.8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.2.1"}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:1.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:0.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:0.9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:0.9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:0.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:0.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:craig_drummond:cantata:0.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-02-03T18:44Z"}