motioneye@0.44.0b3

motioneye, a multilingual web interface for motion.

  • latest version

    0.44.0

  • first published

    10 years ago

  • latest version published

    14 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the motioneye package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability / Vulnerable version
    • Critical: Directory Traversal

    Affected versions of this package are vulnerable to Directory Traversal through the MoviePlaybackHandler and related handlers, which allow arbitrary file reads due to improper path validation. An attacker can gain full administrative access and execute arbitrary commands by exploiting a path traversal to read the configuration file containing the admin password hash, which is accepted directly as a signing key for admin API requests. This is only exploitable if the admin password is set and the normal user password is left empty (the default configuration).

    How to fix Directory Traversal?

    Upgrade motioneye to version 0.44.0 or higher.

    Vulnerable versions: [,0.44.0)
    • High: Directory Traversal

    Affected versions of this package are vulnerable to Directory Traversal via the get_media_path function. An attacker can access arbitrary files on the filesystem by supplying an absolute path as the filename parameter, which causes the application to bypass directory restrictions and serve files outside the intended media directory.

    How to fix Directory Traversal?

    Upgrade motioneye to version 0.44.0 or higher.

    Vulnerable versions: [,0.44.0)
    • Critical: Arbitrary File Upload

    Affected versions of this package are vulnerable to Arbitrary File Upload through a multi-stage chain involving the download, get_media_content, get_current_user, restore, and post processes. An attacker can gain unauthorized access, escalate privileges, read arbitrary files, and execute arbitrary code by chaining local file read, signature forgery, unsafe archive extraction, and unauthenticated action execution endpoints. This is only exploitable if at least one local motion camera is configured and the relevant endpoints are reachable, with unauthenticated exploitation possible if the normal user password is unset.

    How to fix Arbitrary File Upload?

    Upgrade motioneye to version 0.44.0 or higher.

    Vulnerable versions: [,0.44.0)
    • Medium: Missing Authorization

    Affected versions of this package are vulnerable to Missing Authorization via the post function in the ActionHandler process. An attacker can execute camera actions such as triggering snapshots, starting or stopping video recording, or running configured action scripts without authentication by sending crafted HTTP POST requests to the relevant endpoints.

    How to fix Missing Authorization?

    Upgrade motioneye to version 0.44.0 or higher.

    Vulnerable versions: [,0.44.0)
    • Critical: Use of Password Hash Instead of Password for Authentication

    Affected versions of this package are vulnerable to Use of Password Hash Instead of Password for Authentication via the improper validation of authentication cookies. An attacker can gain unauthorized access to arbitrary user accounts by setting or modifying the meye_password_hash and meye_username cookies with known values. This is only exploitable if the attacker knows or can obtain valid username and password hash pairs, such as by reading the globally readable /etc/motioneye/motion.conf file on the local system.

    How to fix Use of Password Hash Instead of Password for Authentication?

    Upgrade motioneye to version 0.44.0 or higher.

    Vulnerable versions: [,0.44.0)
    • High: Access Control Bypass

    Affected versions of this package are vulnerable to Access Control Bypass via the get_media_preview process. An attacker can access sensitive files on the server by sending crafted requests containing encoded path traversal sequences in the filename parameter. This allows disclosure of confidential information such as password hashes, configuration files, and other sensitive data.

    How to fix Access Control Bypass?

    Upgrade motioneye to version 0.44.0 or higher.

    Vulnerable versions: [,0.44.0)
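    An added illustration, not motioneye's own code, of the kind of path check that closes both the absolute-path bypass in get_media_path and the encoded traversal sequences in get_media_preview described above: it percent-decodes until the input stops changing, rejects absolute filenames, and confirms the resolved path still lies under the media root. The root directory and the function name are assumptions.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Assumed media root for illustration only; motioneye's real layout may differ.
MEDIA_ROOT = "/srv/motioneye-media"


def safe_media_path(filename: str, root: str = MEDIA_ROOT) -> Optional[str]:
    """Return the absolute path for a user-supplied filename, or None if it
    would escape root. Added example, not motioneye's get_media_path."""
    # 1. Percent-decode until stable, so %2e%2e and %252e%252e are both
    #    seen as '..' before any path logic runs.
    decoded = filename
    for _ in range(3):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        return None  # still changing after three rounds: treat as hostile

    # 2. Empty names, NUL bytes and absolute paths are rejected outright.
    #    os.path.join(root, "/etc/passwd") silently discards root, which is
    #    the absolute-filename bypass the advisory describes.
    if not decoded or "\x00" in decoded or os.path.isabs(decoded):
        return None

    # 3. Resolve '..' and symlinks, then require the result to stay under root.
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, decoded))
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    return candidate
```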
    • Medium: Incorrect Permission Assignment for Critical Resource

    Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the configuration file being created with overly permissive file permissions, allowing any local user to read sensitive information such as the admin password hash. An attacker can obtain confidential credentials by accessing the motion.conf file as an unprivileged user and may leverage this information for further attacks, such as offline password cracking or forging authenticated requests.

    How to fix Incorrect Permission Assignment for Critical Resource?

    Upgrade motioneye to version 0.44.0 or higher.

    Vulnerable versions: [,0.44.0)
    • High: Information Exposure

    Affected versions of this package are vulnerable to Information Exposure via a GET request to /config/list. This is only exploitable if no regular user password is configured.

    How to fix Information Exposure?

    There is no fixed version for motioneye.

    Vulnerable versions: [0,)
    • Medium: Unrestricted File Upload

    Affected versions of this package are vulnerable to Unrestricted File Upload, which allows a remote attacker to upload a configuration backup file containing a malicious Python pickle file.

    Note: The package is no longer being actively maintained. This vulnerability requires admin access rights to be exploitable.

    How to fix Unrestricted File Upload?

    There is no fixed version for motioneye.

    Vulnerable versions: [0,)