CVE-2024-51489

5.4 MEDIUM

📋 TL;DR

Ampache did not validate the form token on its private-messaging action, so an attacker can build a cross-site request forgery (CSRF) page that makes a logged-in user's browser send a message to any Ampache user, including administrators, without that user's knowledge. All installations running a release before 7.0.1 with messaging enabled are affected.

💻 Affected Systems

Products:
  • Ampache
Versions: All releases before 7.0.1 (fixed in 7.0.1)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Ampache installations with messaging functionality enabled are vulnerable.

📦 What is this software?

Ampache is an open-source, PHP-based web application for managing and streaming personal audio and video libraries. It includes social features such as private messages between users, which is the functionality this CVE affects.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could send malicious messages to administrators, potentially tricking them into performing privileged actions or disclosing sensitive information.

🟠

Likely Case

Spam messages sent to users, potential social engineering attacks, and unauthorized communication between users.

🟢

If Mitigated

Limited to message system abuse without privilege escalation if proper authentication controls exist elsewhere.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: Not known (no public exploit is referenced here; the attack is straightforward to construct)
Unauthenticated Exploit: No credentials needed by the attacker, but the victim must be logged in
Complexity: LOW

The attacker does not need an Ampache account. A victim with an active Ampache session has to load attacker-controlled content (for example a page with an auto-submitting form) that targets the messaging action; because the form token was not checked, the browser's session cookie alone is enough for the request to be accepted. Building such a page is technically simple once the endpoint and parameters are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.0.1

Vendor Advisory: https://github.com/ampache/ampache/security/advisories/GHSA-4q69-983r-mwwr

Restart Required: Yes

Instructions:

1. Back up your Ampache installation and database.
2. Download Ampache 7.0.1 or later from the official repository.
3. Replace the existing files with the new version.
4. Run any database update scripts if required.
5. Restart your web server.

🔧 Temporary Workarounds

Disable User Messaging

Applies to: all platforms

Temporarily disable the private-message functionality in Ampache so the unprotected action cannot be reached.

In Ampache's configuration (ampache.cfg.php), messaging is gated by the social-features switch, `sociable`; setting it to "false" disables private messages along with the other social features (check the ampache.cfg.php.dist shipped with your version to confirm the option name and default). If your version exposes no such switch, remove or block the messaging endpoints at the web server instead.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit who can reach the Ampache instance.
  • Set the PHP session cookie to SameSite=Lax (php.ini: session.cookie_samesite = "Lax") if Ampache's own session settings do not override it; browsers then omit the cookie on cross-site POSTs, which defeats this class of CSRF.
  • Deploy a WAF or reverse-proxy rule that rejects POSTs to the messaging endpoints whose Origin or Referer header is not your Ampache host, and monitor for suspicious message-sending patterns.

🔍 How to Verify

Check if Vulnerable:

Any release before 7.0.1 is vulnerable. Check the running version via the web interface admin panel or by examining source files for version markers.

Check Version:

Check the Ampache web interface admin panel or examine the CHANGELOG.md file in the installation directory.

Verify Fix Applied:

Confirm the version is 7.0.1 or later. Then, using a test account, capture a private-message POST, strip or alter its form token, replay it, and confirm the application rejects it instead of delivering the message.
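The version check above can be scripted. The following is an added example, not Ampache project code or part of the vendor advisory; it assumes Ampache's CHANGELOG.md opens each release section with a `## <version>` heading (verify against your copy) and treats a pre-release of 7.0.1 (such as a `-dev` build) as unpatched, because such a build may predate the fix.

```python
"""Decide whether an installed Ampache version is affected by CVE-2024-51489.

Added example, not Ampache project code. Assumes Ampache's CHANGELOG.md begins
its release sections with a '## <version>' heading (verify against your copy).
"""
import re
from typing import Optional, Tuple

FIXED_VERSION = (7, 0, 1)  # first release with the form-token check (vendor advisory)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?")


def parse_version(text: str) -> Optional[Tuple[int, int, int, Optional[str]]]:
    """Extract major.minor.patch and an optional pre-release tag (e.g. 'dev', 'rc1')."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, pre = m.groups()
    return int(major), int(minor), int(patch), pre


def is_vulnerable(version_text: str) -> bool:
    """True when the version is older than 7.0.1.

    A pre-release of 7.0.1 (e.g. '7.0.1-dev') sorts *before* the final 7.0.1,
    so it is treated as vulnerable: a nightly build may predate the fix.
    """
    parsed = parse_version(version_text)
    if parsed is None:
        raise ValueError(f"no version found in {version_text!r}")
    major, minor, patch, pre = parsed
    if (major, minor, patch) < FIXED_VERSION:
        return True
    if (major, minor, patch) == FIXED_VERSION and pre is not None:
        return True
    return False


def version_from_changelog(changelog: str) -> Optional[str]:
    """Return the first release heading in a CHANGELOG.md ('## 7.0.1' -> '7.0.1')."""
    for line in changelog.splitlines():
        if line.startswith("## "):
            parsed = parse_version(line)
            if parsed:
                major, minor, patch, pre = parsed
                return f"{major}.{minor}.{patch}" + (f"-{pre}" if pre else "")
    return None


# Constructed sample: the top of a CHANGELOG.md from an unpatched 7.0.0 install.
SAMPLE_CHANGELOG = """# CHANGELOG

## 7.0.0

### Added
...
"""

if __name__ == "__main__":
    ver = version_from_changelog(SAMPLE_CHANGELOG)
    print(ver, "vulnerable" if is_vulnerable(ver) else "patched")
```

Point `version_from_changelog` at the real file (`open("CHANGELOG.md").read()`) or feed the version string shown in the admin panel straight to `is_vulnerable`.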

📡 Detection & Monitoring

Log Indicators:

  • Bursts of private messages sent to many users or to administrators from a single account, and (on 7.0.1 or later) rejected form-token validations for the messaging action in application logs. Unpatched versions record no token failures, because the token was never checked.

Network Indicators:

  • POST requests to the messaging endpoint with no Referer/Origin header, or with one pointing at a host other than your Ampache instance. Treat a missing Referer as a triage signal rather than proof: privacy extensions and strict Referrer-Policy settings also suppress it.

SIEM Query:

Search web-server access logs for POST requests to Ampache's private-message endpoint (pvmsg.php in the web UI; adjust the path to the routes your deployment exposes) whose Referer is absent or from a foreign host, and for repeated message POSTs from one client in a short window.
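The following detection logic runs the query above over access log lines. It is an added example, not from the advisory or the Ampache project, and it assumes the Apache/nginx "combined" log format (which records the Referer), that the web UI's private-message endpoint is pvmsg.php, and a placeholder hostname `music.example.org`; the sample log lines are constructed.

```python
"""Flag suspicious private-message POSTs in Ampache web-server access logs.

Added example, not from the advisory or the Ampache project. Assumes the
Apache/nginx 'combined' log format, which records the Referer, and that the
web UI's private-message endpoint is pvmsg.php. EXPECTED_HOSTS is a placeholder.
"""
import re
from collections import Counter
from typing import Dict, List
from urllib.parse import urlparse

EXPECTED_HOSTS = {"music.example.org"}   # assumption: the host(s) your Ampache answers on
MESSAGE_PATHS = ("/pvmsg.php",)          # Ampache web UI private-message endpoint
BURST_THRESHOLD = 3                      # message POSTs from one client before we flag spam

# Apache/nginx 'combined' format: ip ident user [ts] "METHOD path proto" status bytes "referer" "ua"
_LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_line(line: str) -> Dict[str, str]:
    m = _LOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    return m.groupdict()


def referer_is_cross_site(referer: str) -> bool:
    """A CSRF POST arrives with no Referer ('-') or one from a host we do not serve."""
    if referer in ("", "-"):
        return True
    return urlparse(referer).hostname not in EXPECTED_HOSTS


def find_suspicious(lines: List[str]) -> List[Dict[str, str]]:
    """Return message-endpoint POSTs that look cross-site or spammy, each with a reason."""
    findings = []
    per_client: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        path = rec["path"].split("?", 1)[0]
        if rec["method"] != "POST" or path not in MESSAGE_PATHS:
            continue
        per_client[rec["ip"]] += 1
        if referer_is_cross_site(rec["referer"]):
            findings.append({**rec, "reason": "cross-site or missing Referer"})
        elif per_client[rec["ip"]] == BURST_THRESHOLD:
            findings.append({**rec, "reason": f"{BURST_THRESHOLD}+ message POSTs from one client"})
    return findings


# Constructed sample log: one legitimate send, one CSRF-style send from a foreign
# page, one with the Referer stripped, and a three-message burst from one client.
SAMPLE_LOG = [
    '203.0.113.10 - - [20/Oct/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "https://music.example.org/login.php" "Mozilla/5.0"',
    '203.0.113.10 - - [20/Oct/2024:10:00:12 +0000] "POST /pvmsg.php?action=add_message HTTP/1.1" 302 0 "https://music.example.org/pvmsg.php?action=show_add_message" "Mozilla/5.0"',
    '198.51.100.7 - - [20/Oct/2024:10:01:03 +0000] "POST /pvmsg.php?action=add_message HTTP/1.1" 302 0 "https://evil.example.net/free-music.html" "Mozilla/5.0"',
    '198.51.100.8 - - [20/Oct/2024:10:01:09 +0000] "POST /pvmsg.php?action=add_message HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [20/Oct/2024:10:02:00 +0000] "POST /pvmsg.php?action=add_message HTTP/1.1" 302 0 "https://music.example.org/pvmsg.php" "Mozilla/5.0"',
    '192.0.2.44 - - [20/Oct/2024:10:02:01 +0000] "POST /pvmsg.php?action=add_message HTTP/1.1" 302 0 "https://music.example.org/pvmsg.php" "Mozilla/5.0"',
    '192.0.2.44 - - [20/Oct/2024:10:02:02 +0000] "POST /pvmsg.php?action=add_message HTTP/1.1" 302 0 "https://music.example.org/pvmsg.php" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['path']} -> {f['reason']}")
```

Run it against a real file with `find_suspicious(open("access.log").read().splitlines())`. The Referer heuristic is a triage signal, not proof: a legitimate user behind a strict Referrer-Policy or a privacy extension also produces a `-` Referer, so correlate hits with the recipient list and timing before acting.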
