Plattform
other
Komponente
sunshine
Behoben in
0.16.1
CVE-2024-31220 describes an Arbitrary File Access vulnerability discovered in Sunshine, a self-hosted game stream host for Moonlight. This vulnerability allows an attacker to remotely read arbitrary files without authentication. It affects versions 0.16.0 through 0.17.9, and a patch is available in version 0.18.0.
An attacker exploiting this vulnerability can gain unauthorized access to sensitive files on the server hosting Sunshine. By crafting specific HTTP/S requests to the node_modules endpoint, an attacker can bypass authentication and read files that they should not have access to. The potential data at risk includes configuration files, source code, and potentially user data if stored on the server. The blast radius is significant if the Sunshine configuration web user interface is exposed outside of localhost, either directly to the internet or within a local network. This could lead to widespread data exposure and compromise of the entire system.
CVE-2024-31220 was publicly disclosed on April 5, 2024. There are currently no known public proof-of-concept exploits available, but the vulnerability's ease of exploitation makes it a potential target for opportunistic attackers. Its inclusion on KEV is pending. The vulnerability's reliance on exposing the configuration web UI limits its immediate exploitability, but misconfigured deployments remain at risk.
Users who have deployed Sunshine with the configuration web user interface exposed outside of localhost, particularly those on shared hosting environments or with permissive firewall rules, are at significant risk. Legacy deployments using older versions of Sunshine are also vulnerable.
• linux / server: Monitor access logs for requests to the /node_modules endpoint. Use journalctl to search for related errors or suspicious activity.
journalctl -u sunshine | grep 'node_modules'• generic web: Use curl to test for endpoint exposure.
curl http://<sunshine_server>/node_modules• generic web: Examine access logs for unusual file access patterns or attempts to traverse directories.
disclosure
Exploit-Status
EPSS
0.18% (40% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-31220 is to upgrade Sunshine to version 0.18.0, which contains the necessary patch. If upgrading is not immediately possible, restrict access to the Sunshine configuration web user interface by ensuring it is only accessible from localhost. Implement strict firewall rules to block external access to the nodemodules endpoint. Consider using a Web Application Firewall (WAF) to filter malicious requests targeting this endpoint. Monitor access logs for suspicious activity, particularly requests to the nodemodules endpoint from unexpected sources.
Actualice Sunshine a la versión 0.18.0 o posterior. Como alternativa, bloquee el acceso a Sunshine a través de un firewall para evitar el acceso no autorizado a la interfaz web de configuración.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-31220 is a HIGH severity vulnerability in Sunshine versions 0.16.0 through 0.17.9 that allows an attacker to read arbitrary files without authentication if the web UI is exposed.
You are affected if you are running Sunshine versions 0.16.0 through 0.17.9 and the configuration web user interface is accessible from outside localhost.
Upgrade Sunshine to version 0.18.0. If upgrading is not possible, restrict access to the web UI to localhost and implement strict firewall rules.
There is currently no indication of active exploitation campaigns targeting CVE-2024-31220.
Refer to the Sunshine project's official website and GitHub repository for the latest advisory and security updates.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.