Homepage
About Snyk

Improper Authorization Affecting io.antmedia:ant-media-server package, versions [0,]

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.05% (16th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JAVA-IOANTMEDIA-6849302
  • published 15 May 2024
  • disclosed 14 May 2024
  • credit Maksym Brzęczek
Report a new vulnerability Found a mistake?

Introduced: 14 May 2024

CVE-2024-3462 Open this link in a new tab
CWE-863 Open this link in a new tab

How to fix?

There is no fixed version for io.antmedia:ant-media-server.

Overview

io.antmedia:ant-media-server is a media server supporting RTMP, RTSP, WebRTC and Adaptive Bitrate.

Affected versions of this package are vulnerable to Improper Authorization due to improper handling of HTTP header based authorization. An attacker can execute non-administrative API calls that should be restricted to authorized users by manipulating HTTP headers.

CVSS Scores

version 3.1
Expand this section

Snyk

6.5 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    Low
  • Integrity (I)
    Low
  • Availability (A)
    None