Search
Find a vulnerability
Search criteria
3 vulnerabilities by pymedusa
CVE-2023-50259 (GCVE-0-2023-50259)
Vulnerability from cvelistv5 – Published: 2023-12-22 17:00 – Updated: 2024-11-27 15:45
VLAI
Title
Blind SSRF in /home/testslack endpoint
Summary
Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testslack` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `slack_webhook` variable and passes it to the `notifiers.slack_notifier.test_notify` method, then `_notify_slack` and finally `_send_slack` method, which sends a POST request to the user-controlled URL on line 103 in `/medusa/notifiers/slack.py`, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/pymedusa/Medusa/security/advis… | x_refsource_CONFIRM |
| https://github.com/pymedusa/Medusa/blob/3d656652a… | x_refsource_MISC |
| https://github.com/pymedusa/Medusa/blob/3d656652a… | x_refsource_MISC |
| https://github.com/pymedusa/Medusa/releases/tag/v1.0.19 | x_refsource_MISC |
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pymedusa/Medusa/security/advisories/GHSA-8mcr-vffr-jwxv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pymedusa/Medusa/security/advisories/GHSA-8mcr-vffr-jwxv"
},
{
"name": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/notifiers/slack.py#L103",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/notifiers/slack.py#L103"
},
{
"name": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/server/web/home/handler.py#L168",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/server/web/home/handler.py#L168"
},
{
"name": "https://github.com/pymedusa/Medusa/releases/tag/v1.0.19",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pymedusa/Medusa/releases/tag/v1.0.19"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-201_GHSL-2023-202_Medusa/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-201_GHSL-2023-202_Medusa/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50259",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T15:44:11.673588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T15:45:03.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Medusa",
"vendor": "pymedusa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testslack` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `slack_webhook` variable and passes it to the `notifiers.slack_notifier.test_notify` method, then `_notify_slack` and finally `_send_slack` method, which sends a POST request to the user-controlled URL on line 103 in `/medusa/notifiers/slack.py`, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T17:00:00.976Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pymedusa/Medusa/security/advisories/GHSA-8mcr-vffr-jwxv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pymedusa/Medusa/security/advisories/GHSA-8mcr-vffr-jwxv"
},
{
"name": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/notifiers/slack.py#L103",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/notifiers/slack.py#L103"
},
{
"name": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/server/web/home/handler.py#L168",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/server/web/home/handler.py#L168"
},
{
"name": "https://github.com/pymedusa/Medusa/releases/tag/v1.0.19",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pymedusa/Medusa/releases/tag/v1.0.19"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-201_GHSL-2023-202_Medusa/",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-201_GHSL-2023-202_Medusa/"
}
],
"source": {
"advisory": "GHSA-8mcr-vffr-jwxv",
"discovery": "UNKNOWN"
},
"title": "Blind SSRF in /home/testslack endpoint "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50259",
"datePublished": "2023-12-22T17:00:00.976Z",
"dateReserved": "2023-12-05T20:42:59.379Z",
"dateUpdated": "2024-11-27T15:45:03.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50258 (GCVE-0-2023-50258)
Vulnerability from cvelistv5 – Published: 2023-12-22 16:55 – Updated: 2025-04-23 16:18
VLAI
Title
Blind SSRF in `/home/testdiscord` endpoint
Summary
Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testDiscord` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `discord_webhook` variable and passes it to the `notifiers.discord_notifier.test_notify` method, then `_notify_discord` and finally `_send_discord_msg` method, which sends a POST request to the user-controlled URL on line 64 in `/medusa/notifiers/discord.py`, which leads to a blind server-side request forgery. This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/pymedusa/Medusa/security/advis… | x_refsource_CONFIRM |
| https://github.com/pymedusa/Medusa/blob/3d656652a… | x_refsource_MISC |
| https://github.com/pymedusa/Medusa/blob/3d656652a… | x_refsource_MISC |
| https://github.com/pymedusa/Medusa/releases/tag/v1.0.19 | x_refsource_MISC |
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pymedusa/Medusa/security/advisories/GHSA-3hph-6586-qv9g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pymedusa/Medusa/security/advisories/GHSA-3hph-6586-qv9g"
},
{
"name": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/notifiers/discord.py#L64",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/notifiers/discord.py#L64"
},
{
"name": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/server/web/home/handler.py#L158",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/server/web/home/handler.py#L158"
},
{
"name": "https://github.com/pymedusa/Medusa/releases/tag/v1.0.19",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pymedusa/Medusa/releases/tag/v1.0.19"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-201_GHSL-2023-202_Medusa/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-201_GHSL-2023-202_Medusa/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50258",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-02T16:09:59.369625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:18:19.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Medusa",
"vendor": "pymedusa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testDiscord` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `discord_webhook` variable and passes it to the `notifiers.discord_notifier.test_notify` method, then `_notify_discord` and finally `_send_discord_msg` method, which sends a POST request to the user-controlled URL on line 64 in `/medusa/notifiers/discord.py`, which leads to a blind server-side request forgery. This issue allows for crafting POST requests on behalf of the Medusa server. Version 1.0.19 contains a fix for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T16:55:58.406Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pymedusa/Medusa/security/advisories/GHSA-3hph-6586-qv9g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pymedusa/Medusa/security/advisories/GHSA-3hph-6586-qv9g"
},
{
"name": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/notifiers/discord.py#L64",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/notifiers/discord.py#L64"
},
{
"name": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/server/web/home/handler.py#L158",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pymedusa/Medusa/blob/3d656652ab277e47689483912ed7fc443e7023e8/medusa/server/web/home/handler.py#L158"
},
{
"name": "https://github.com/pymedusa/Medusa/releases/tag/v1.0.19",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pymedusa/Medusa/releases/tag/v1.0.19"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2023-201_GHSL-2023-202_Medusa/",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2023-201_GHSL-2023-202_Medusa/"
}
],
"source": {
"advisory": "GHSA-3hph-6586-qv9g",
"discovery": "UNKNOWN"
},
"title": "Blind SSRF in `/home/testdiscord` endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50258",
"datePublished": "2023-12-22T16:55:58.406Z",
"dateReserved": "2023-12-05T20:42:59.378Z",
"dateUpdated": "2025-04-23T16:18:19.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28627 (GCVE-0-2023-28627)
Vulnerability from cvelistv5 – Published: 2023-03-27 20:13 – Updated: 2025-02-19 15:20
VLAI
Title
OS Command Injection via GIT_PATH in pymedusa
Summary
pymedusa is an automatic video library manager for TV Shows. In versions prior 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ > advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute arbitrary OS commands as the user running the pymedusa program. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
8.3 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/pymedusa/Medusa/security/advis… | x_refsource_CONFIRM |
| https://github.com/pymedusa/Medusa/commit/66d4be8… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pymedusa/Medusa/security/advisories/GHSA-6589-x6f5-cgg9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pymedusa/Medusa/security/advisories/GHSA-6589-x6f5-cgg9"
},
{
"name": "https://github.com/pymedusa/Medusa/commit/66d4be8f0872bd5ddcdc5c5a58cb014d22834a45",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pymedusa/Medusa/commit/66d4be8f0872bd5ddcdc5c5a58cb014d22834a45"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28627",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T15:19:49.956198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T15:20:21.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Medusa",
"vendor": "pymedusa",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pymedusa is an automatic video library manager for TV Shows. In versions prior 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ \u003e advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute arbitrary OS commands as the user running the pymedusa program. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T20:13:02.302Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pymedusa/Medusa/security/advisories/GHSA-6589-x6f5-cgg9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pymedusa/Medusa/security/advisories/GHSA-6589-x6f5-cgg9"
},
{
"name": "https://github.com/pymedusa/Medusa/commit/66d4be8f0872bd5ddcdc5c5a58cb014d22834a45",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pymedusa/Medusa/commit/66d4be8f0872bd5ddcdc5c5a58cb014d22834a45"
}
],
"source": {
"advisory": "GHSA-6589-x6f5-cgg9",
"discovery": "UNKNOWN"
},
"title": "OS Command Injection via GIT_PATH in pymedusa"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-28627",
"datePublished": "2023-03-27T20:13:02.302Z",
"dateReserved": "2023-03-20T12:19:47.207Z",
"dateUpdated": "2025-02-19T15:20:21.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}