CVE-2024-51487

8.1 HIGH

📋 TL;DR

Ampache versions before 7.0.1 have a CSRF vulnerability in catalog activation/deactivation functions. Attackers can trick authenticated administrators into performing unauthorized catalog management actions via malicious requests. All Ampache installations using vulnerable versions are affected.

💻 Affected Systems

Products:
  • Ampache
Versions: All versions before 7.0.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to trick authenticated administrator into clicking malicious link/loading malicious page.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker disables all media catalogs, rendering the streaming service unusable, or activates malicious catalogs to serve compromised content.

🟠

Likely Case

Attacker modifies catalog settings to disrupt service availability or manipulate content access controls.

🟢

If Mitigated

No impact if proper CSRF protections are implemented or if administrators don't interact with malicious requests.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easy to weaponize once the vulnerable endpoint is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.0.1

Vendor Advisory: https://github.com/ampache/ampache/security/advisories/GHSA-5rmx-fjmc-mg6x

Restart Required: Yes

Instructions:

1. Back up your Ampache installation and database.
2. Download Ampache 7.0.1 or newer.
3. Replace the existing files with the new version.
4. Run any database update scripts if required.
5. Restart the web server.

🔧 Temporary Workarounds

No official workarounds (applies to all affected versions)

Vendor states no workarounds exist for this vulnerability.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can reach the admin interface
  • Use browser extensions that block cross-site requests, or enforce additional CSRF token validation at the web application firewall layer

🔍 How to Verify

Check if Vulnerable:

Check Ampache version in web interface or config file. If version is below 7.0.1, system is vulnerable.

Check Version:

grep -i 'version' /path/to/ampache/config/ampache.cfg.php

Alternatively, check the web interface admin panel.

Verify Fix Applied:

After upgrade, verify version shows 7.0.1 or higher in web interface or config.

📡 Detection & Monitoring

Log Indicators:

  • Multiple catalog activation/deactivation requests from same user in short timeframe
  • Catalog changes from unexpected IP addresses or user agents

Network Indicators:

  • POST requests to catalog management endpoints without proper Referer headers or with suspicious origins

SIEM Query:

web_access_logs WHERE (uri CONTAINS '/server/catalog.server.php' AND action IN ('activate_catalog', 'deactivate_catalog')) AND (referer IS NULL OR referer NOT CONTAINS 'your-domain.com')
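The query above, as runnable detection logic over a few constructed combined-format access-log lines (an added example, not part of the advisory or the Ampache project). It assumes the catalog action name appears in the request query string and that the log format records the Referer header.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample lines in combined log format (not real traffic).
# Assumption: the catalog action is visible in the URI query string.
SAMPLE_LOG = """\
203.0.113.5 - admin [10/Oct/2024:12:00:01 +0000] "POST /server/catalog.server.php?action=activate_catalog&catalog=3 HTTP/1.1" 200 512 "https://music.example.org/admin/catalog.php" "Mozilla/5.0"
203.0.113.5 - admin [10/Oct/2024:12:00:09 +0000] "POST /server/catalog.server.php?action=deactivate_catalog&catalog=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - admin [10/Oct/2024:12:00:10 +0000] "POST /server/catalog.server.php?action=deactivate_catalog&catalog=4 HTTP/1.1" 200 512 "https://attacker.example.net/page.html" "Mozilla/5.0"
203.0.113.5 - admin [10/Oct/2024:12:00:11 +0000] "GET /server/catalog.server.php?action=show_catalog HTTP/1.1" 200 512 "https://music.example.org/admin/catalog.php" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
CATALOG_ENDPOINT = "/server/catalog.server.php"
WATCHED_ACTIONS = {"activate_catalog", "deactivate_catalog"}


def find_suspicious_catalog_requests(log_text, trusted_hosts):
    """Return (line_no, reason) for catalog (de)activation POSTs whose Referer is absent or off-site."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable combined-format line
        uri = urlparse(m.group("uri"))
        if m.group("method") != "POST" or uri.path != CATALOG_ENDPOINT:
            continue
        action = parse_qs(uri.query).get("action", [""])[0]
        if action not in WATCHED_ACTIONS:
            continue
        referer = m.group("referer")
        if referer in ("", "-"):
            findings.append((line_no, f"{action}: missing Referer"))
            continue
        ref_host = urlparse(referer).hostname or ""
        if ref_host not in trusted_hosts:
            findings.append((line_no, f"{action}: off-site Referer {ref_host}"))
    return findings


if __name__ == "__main__":
    for line_no, reason in find_suspicious_catalog_requests(SAMPLE_LOG, {"music.example.org"}):
        print(f"line {line_no}: {reason}")
```

A missing Referer on its own is a weak signal, since some browser privacy settings strip the header, so treat such hits as triage leads to confirm with the administrator rather than as proof of exploitation.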
