CVE-2024-49763
CVSS V2 None
CVSS V3 None
Description
PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s Plex login. This vulnerability is fixed in 0.24.0.
Overview
- CVE ID
- CVE-2024-49763
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-02T16:41:26.846Z
- Last Modified Date
- 2024-12-02T17:22:07.037Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-305_PlexRipper/ | x_refsource_CONFIRM |
| https://github.com/PlexRipper/PlexRipper/commit/184074644a1f5a8ac59519929a9c4b92280fb2a1 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-49763 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49763 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-12-03 13:11:54 | Added to TrackCVE |