CVE-2024-51484
📋 TL;DR
Ampache versions before 7.0.1 do not correctly validate the CSRF token when a controller is activated or deactivated. An attacker who gets a logged-in administrator to load a crafted page can have that administrator's browser submit the request, which the application then accepts as a legitimate administrative action. Every installation running an affected version is exposed, because the attack needs nothing more than an administrator with an active session. The outcome is that features that should only be changed by an administrator can be changed by the attacker.
💻 Affected Systems
- Ampache
📦 What is this software?
Ampache, maintained by the Ampache project, is a web-based audio/video streaming application and file manager written in PHP.
⚠️ Risk & Real-World Impact
Worst Case
The forged request runs with the administrator's privileges, so a successful attack toggles controllers the administrator never intended to change. Any escalation beyond that depends on what the affected controller exposes once it is enabled or disabled (lost functionality, disrupted service, manipulated content), not on the CSRF itself.
Likely Case
An attacker lures an authenticated administrator to a page that silently submits the activation/deactivation request, changing which controllers are enabled and thereby switching features on or off that the administrator did not intend to change.
If Mitigated
Restricting the administrative interface to trusted networks narrows the attack rather than removing it: a CSRF request is issued by the victim's browser, not the attacker's host, so the attacker needs an administrator who browses the web from inside that trusted network. An administrator who does so is still exposed until the patch is applied.
🎯 Exploit Status
Exploitation requires an administrator with an active Ampache session to load attacker-controlled content (a link, a page on another site, or a message rendered in a browser). If the lure page auto-submits a form, no click beyond loading the page is needed. The attacker never sees the response; only the side effect on the server matters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.0.1
Vendor Advisory: https://github.com/ampache/ampache/security/advisories/GHSA-h6vj-6rvc-3x29
Restart Required: Yes
Instructions:
1. Back up your current Ampache installation and database.
2. Download Ampache 7.0.1 or later from the official repository.
3. Replace the existing installation with the new version.
4. If the new version prompts for a database update, complete it before use.
5. Restart your web server service.
6. Verify the upgrade was successful (see How to Verify below).
🔧 Temporary Workarounds
No official workarounds available.
The vendor advisory states there are no known workarounds for this vulnerability; the measures under "If You Can't Patch" reduce exposure but do not fix the token parsing.
🧯 If You Can't Patch
- Restrict access to the Ampache administrative interface to trusted internal networks using firewall rules or network segmentation, keeping in mind that the forged request comes from the administrator's own browser, so this only helps if administrators do not browse untrusted sites from those networks.
- Enforce CSRF defenses in front of the application: at the reverse proxy or WAF, reject state-changing requests to the admin interface whose Origin (or Referer) header names another site, and, where the proxy can rewrite cookie attributes, mark the session cookie SameSite=Lax or Strict so browsers stop attaching it to cross-site POSTs. Browser extensions on individual administrators' machines are a per-user measure and not a substitute for a server-side control.
🔍 How to Verify
Check if Vulnerable:
Compare the version shown in the web interface footer, or recorded in the installed source tree, against 7.0.1. Any version lower than 7.0.1 is vulnerable.
Check Version:
grep -rn "version.*7\." /path/to/ampache/install/
The grep is a rough check and will also match unrelated strings; confirm the result against the version string in the web interface footer.
Verify Fix Applied:
After upgrading, confirm that the web interface footer and the version files report 7.0.1 or higher, and that the web server is actually serving the new tree rather than a stale copy left in the document root.
📡 Detection & Monitoring
Log Indicators:
- Controller activation/deactivation requests at unusual times or for controllers nobody intended to change
- Repeated CSRF token validation failures tied to one administrator session; in a CSRF attack the forged request arrives from the administrator's own IP address, not the attacker's, so correlate on the session or user rather than on the source address
- Administrative actions whose User-Agent or source address differs from that administrator's normal pattern
Network Indicators:
- POST requests to the controller endpoints whose Referer or Origin header is absent or names another site. Cross-site POSTs carry an Origin header (possibly the literal value null) even when the lure page suppresses Referer, so Origin is the more reliable field to log and check.
- Requests whose CSRF token is missing, reused or malformed; this is visible only in application-level logs, not in the web server's access log
SIEM Query (pseudo-query; field names and the endpoint path are placeholders to adapt to your log schema and Ampache URL layout):
web_server_logs | where url contains "/controller/" and (action contains "activate" or action contains "deactivate") and csrf_token_validation == "failed"
Plain web server access logs do not record whether the application accepted a CSRF token; the csrf_token_validation field requires application logs. From access logs alone, the achievable detection is a state-changing request to an admin endpoint whose Referer/Origin does not match the site.
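The Referer/Origin check described under Network Indicators, run over constructed access-log lines as an added example (this is not Ampache project code or tooling referenced by the advisory). It assumes the reverse proxy writes the common combined log format, which records Referer but not Origin, and that the admin interface is served on the host in SITE_HOST; the /admin/modules.php paths in the sample are placeholders, since this page does not document the affected endpoint.

```python
"""Flag cross-site state-changing requests in combined-format access logs.

Added example for this advisory page, not Ampache code. Assumptions: the proxy
logs the Referer header (combined format does), the admin UI is served on
SITE_HOST, and the admin paths in SAMPLE_LOG are placeholders.
"""
import re
from urllib.parse import urlsplit

SITE_HOST = "music.example.org"  # assumption: host the Ampache admin UI is served on
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}

# Combined log format as Apache/nginx emit it by default:
# client ident user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def referer_host(referer):
    """Lower-cased host of a Referer value; None when absent ('-' or empty) or unparsable."""
    if referer in ("", "-"):
        return None
    host = urlsplit(referer).hostname
    return host.lower() if host else None


def classify(entry, site_host, path_prefix="/"):
    """Reason a request looks like a cross-site state change, or None if benign.

    Only state-changing methods matter for CSRF, so GETs are ignored. The host is
    compared exactly: 'music.example.org.attacker.example' must not pass the way a
    substring match would let it.
    """
    if entry["method"] not in STATE_CHANGING:
        return None
    if not entry["path"].startswith(path_prefix):
        return None
    host = referer_host(entry["referer"])
    if host is None:
        # A lure page can suppress Referer with Referrer-Policy: no-referrer, so a
        # blank Referer on a state change deserves a look; API clients and privacy
        # tooling produce the same pattern, so expect some noise here.
        return "missing-referer"
    if host != site_host.lower():
        return "foreign-referer"
    return None


def find_suspicious(lines, site_host=SITE_HOST, path_prefix="/"):
    """Return (ip, path, reason, referer) for each flagged line, in log order."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # unparsable line; a real pipeline would count these
        reason = classify(entry, site_host, path_prefix)
        if reason:
            findings.append((entry["ip"], entry["path"], reason, entry["referer"]))
    return findings


# Constructed sample lines, not real traffic; the admin paths are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Nov/2024:10:00:00 +0000] "GET /admin/index.php HTTP/1.1" 200 5120 "https://music.example.org/index.php" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Nov/2024:10:00:07 +0000] "POST /admin/modules.php HTTP/1.1" 302 0 "https://music.example.org/admin/modules.php" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Nov/2024:10:03:12 +0000] "POST /admin/modules.php HTTP/1.1" 302 0 "https://attacker.example/lure.html" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Nov/2024:10:03:40 +0000] "POST /admin/modules.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Nov/2024:10:04:01 +0000] "POST /admin/modules.php HTTP/1.1" 302 0 "https://music.example.org.attacker.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path, reason, referer in find_suspicious(SAMPLE_LOG):
        print(f"{ip} {path} {reason} referer={referer}")
```

Note that all five sample requests come from the same client address, 10.0.0.5: that is the administrator's own machine, which is why the Log Indicators above warn against keying on the attacker's IP. If the proxy can be told to log the Origin header as well, swap it in for Referer; it survives a no-referrer policy on the lure page.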