Platform: other
Component: avideo
Fixed in: 8.1.1
CVE-2020-37158 describes a cross-site request forgery (CSRF) vulnerability in AVideo Platform version 8.1. The flaw lets an attacker manipulate user accounts through the password recovery process, potentially leading to unauthorized access and data compromise. The vulnerability was publicly disclosed on 2026-02-11; the fixed version is listed as 8.1.1.
The primary impact of CVE-2020-37158 is that a user's password can be reset without their knowledge or consent. Because the flaw is a CSRF, the forged request is submitted by the victim's own browser rather than by the attacker directly: by crafting a request that targets the recoverPass endpoint and carries a valid recovery token, an attacker can complete the reset and take control of the account. This can lead to unauthorized access to sensitive data, modification of the user's profile, or actions performed on behalf of the compromised user. The blast radius covers every user of AVideo Platform 8.1 who relies on the password recovery feature, which makes this a widespread concern.
As of the public disclosure date (2026-02-11) there is no indication of active exploitation campaigns targeting CVE-2020-37158, and no public proof-of-concept (PoC) code is available. The vulnerability is not listed in the CISA KEV catalog. The CVSS score of 5.3 (MEDIUM) describes moderate severity, not likelihood; the EPSS score of 0.02% (5th percentile) indicates a low predicted probability of exploitation at the time of writing, which would rise if a working exploit were developed and widely distributed.
AVideo Platform deployments running version 8.1 are at risk. Users who rely on the password recovery feature are the most exposed. Shared hosting environments, where many users share one AVideo Platform instance, should be treated as high-priority targets for patching.
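The paragraph above describes the failure mode: the recovery token alone decides whether the reset goes through, so a request forged from another site succeeds. The following added example, which is not AVideo's code and is not taken from the advisory, models the checks a recovery endpoint needs so that a browser-forged POST is refused even when it carries a valid recovery token. Names such as `SITE_ORIGIN`, the `csrf_token` session key and the `recoverToken` form field are assumptions chosen for the illustration.

```python
"""Added example (not AVideo's code): server-side checks a password-recovery
endpoint should apply before honouring a reset request.

Assumed (hypothetical) names: the session holds a per-session anti-CSRF token
under "csrf_token"; the e-mailed recovery token arrives in the form field
"recoverToken"; SITE_ORIGIN is the deployment's own origin.
"""
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

SITE_ORIGIN = "https://video.example.org"  # assumed deployment origin


def new_csrf_token() -> str:
    """Mint a per-session token: store it server-side, embed it in the form."""
    return secrets.token_urlsafe(32)


def _same_origin(url: Optional[str]) -> bool:
    """True only when the URL's scheme and host equal our own origin."""
    if not url:
        return False
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def validate_recovery_post(method: str, headers: Dict[str, str],
                           form: Dict[str, str], session: Dict[str, str]) -> Tuple[bool, str]:
    """Return (accepted, reason).

    Each check is independent of the recovery token itself, so a leaked,
    guessed or phished recovery token is never sufficient on its own.
    """
    # A state change must never be reachable by a bare GET (image tags, links).
    if method.upper() != "POST":
        return False, "state change must be POST, not GET"
    # Defence in depth: a cross-site form post carries the attacker's Origin
    # (or Referer). Browsers do not let a page forge these headers.
    origin = headers.get("Origin") or headers.get("Referer")
    if not _same_origin(origin):
        return False, "cross-origin or missing Origin/Referer"
    # Primary defence: synchronizer token. The attacker's page cannot read the
    # victim's session token, so it cannot include it in the forged form.
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return False, "anti-CSRF token missing or mismatched"
    # Only now does the recovery token come into play.
    if not form.get("recoverToken"):
        return False, "recovery token missing"
    return True, "ok"


# Constructed sample inputs (not captured traffic).
SESSION = {"csrf_token": new_csrf_token()}
LEGIT_REQUEST = {
    "headers": {"Origin": SITE_ORIGIN},
    "form": {"csrf_token": SESSION["csrf_token"], "recoverToken": "recovery-token-from-mail"},
}
FORGED_REQUEST = {  # posted by an attacker's page; valid recovery token, no session token
    "headers": {"Origin": "https://evil.example.net"},
    "form": {"recoverToken": "recovery-token-from-mail"},
}


def demo() -> Dict[str, Tuple[bool, str]]:
    """Run both constructed requests through the validator."""
    return {
        "legit": validate_recovery_post("POST", LEGIT_REQUEST["headers"], LEGIT_REQUEST["form"], SESSION),
        "forged": validate_recovery_post("POST", FORGED_REQUEST["headers"], FORGED_REQUEST["form"], SESSION),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The Origin/Referer check is ordered first only because it is cheap; the session-bound token is the check that actually closes the hole, and it should be paired with a `SameSite=Lax` or `Strict` attribute on the session cookie so that most cross-site POSTs arrive without a session at all.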
Disclosure
Exploit status
EPSS: 0.02% (5th percentile)
CISA SSVC
CVSS vector
The recommended mitigation for CVE-2020-37158 is to upgrade AVideo Platform to 8.1.1 or later, the version listed as carrying the fix. Where an upgrade must wait, apply the standard CSRF defenses at the web layer: require a per-session anti-CSRF token on the recoverPass endpoint, reject state-changing requests whose Origin or Referer header is missing or does not match the site, and set the SameSite attribute on the session cookie. Input validation and output encoding do not address CSRF and should not be relied on here. Requiring multi-factor authentication (MFA) for all accounts limits what an attacker gains from a reset password. Monitor access logs for suspicious activity around password reset requests, in particular POSTs to recoverPass with an off-site or absent Referer.
Update AVideo Platform to a version later than 8.1 to fix the CSRF vulnerability. See the AVideo website for the latest version and update instructions.
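The last recommendation above, monitoring access logs for suspicious password reset activity, can be turned into a small detection pass. The following is an added example, not part of the advisory or of the AVideo project: it parses web-server access log lines in the common "combined" format and flags POST requests to a path containing recoverPass (the endpoint named in the advisory) whose Referer is missing or points at another host. The log lines are constructed for the example, and `SITE_HOST` is an assumed deployment hostname.

```python
"""Added example (not from the advisory or the AVideo project): flag
password-recovery POSTs in an access log that look cross-site.

Assumptions: Apache/Nginx "combined" log format; the recovery endpoint path
contains "recoverPass"; SITE_HOST is the site's own hostname. The sample log
below is constructed, not real traffic.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

SITE_HOST = "video.example.org"  # assumed

# combined format: ip ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: one legitimate reset flow, one cross-site POST, one
# POST with no Referer at all (typical of a scripted client).
SAMPLE_LOG = """\
203.0.113.5 - - [11/Feb/2026:10:00:01 +0000] "GET /recoverPass?token=abc HTTP/1.1" 200 512 "https://video.example.org/login" "Mozilla/5.0"
203.0.113.5 - - [11/Feb/2026:10:00:07 +0000] "POST /recoverPass HTTP/1.1" 302 0 "https://video.example.org/recoverPass" "Mozilla/5.0"
198.51.100.9 - - [11/Feb/2026:10:03:15 +0000] "POST /recoverPass HTTP/1.1" 302 0 "https://evil.example.net/claim-prize" "Mozilla/5.0"
198.51.100.9 - - [11/Feb/2026:10:03:16 +0000] "GET /recoverPass?token=xyz HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.77 - - [11/Feb/2026:10:05:40 +0000] "POST /recoverPass HTTP/1.1" 302 0 "-" "curl/8.4.0"
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_cross_site(referer: str) -> bool:
    """True when the Referer is absent ('-') or names another host.

    A missing Referer is not proof of CSRF (privacy settings strip it), but a
    state-changing POST without one deserves a second look.
    """
    if referer in ("", "-"):
        return True
    return urlsplit(referer).hostname != SITE_HOST


def find_suspicious_resets(log_text: str) -> Tuple[List[Dict[str, str]], Counter]:
    """Return (flagged entries, per-source-IP counts) for POSTs to the recovery
    endpoint whose Referer is missing or off-site."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry or "recoverPass" not in entry["path"]:
            continue
        # GETs only render the form; the reset itself is the POST.
        if entry["method"] == "POST" and is_cross_site(entry["referer"]):
            hits.append({"ip": entry["ip"], "time": entry["time"], "referer": entry["referer"]})
    return hits, Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    flagged, per_ip = find_suspicious_resets(SAMPLE_LOG)
    for h in flagged:
        print(f"{h['time']} {h['ip']} referer={h['referer']!r}")
    print("per-IP:", dict(per_ip))
```

Feed it `tail -f`-style from the real log path in production; the per-IP counter is what you would alert on, since a single source completing many resets with off-site Referers is the pattern a CSRF campaign leaves behind.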
CVE-2020-37158 is a cross-site request forgery vulnerability in AVideo Platform version 8.1 that lets an attacker reset a user's password without the account owner's consent, by having the victim's browser submit a forged reset request.
If you run AVideo Platform version 8.1 and use the password recovery feature, you are potentially affected by this vulnerability.
Upgrade to AVideo Platform 8.1.1 or later. Until you can, apply CSRF defenses on the recovery endpoint (anti-CSRF tokens, Origin/Referer checks, SameSite cookies) and require MFA.
As of the public disclosure date, there is no evidence of active exploitation of CVE-2020-37158.
Please refer to the AVideo Platform security advisories page for updates and official information regarding CVE-2020-37158.