Vulnerability Details: CVE-2013-7301
Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.
Products affected by CVE-2013-7301
- cpe:2.3:a:craig_drummond:cantata:*:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:craig_drummond:cantata:0.7.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-7301
- EPSS score: 0.42% (probability of exploitation activity in the next 30 days)
- Percentile: ~71% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-7301
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2013-7301
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7301
- http://seclists.org/oss-sec/2014/q1/124
  oss-sec: Re: CVE request: Cantata vulnerability
- http://seclists.org/oss-sec/2014/q1/121
  oss-sec: CVE request: Cantata vulnerability
- https://code.google.com/p/cantata/issues/detail?id=356
  Internal http server should be removed: it is dangerously insecure · Issue #356 · CDrummond/cantata · GitHub (Exploit)