Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    18 vulnerabilities by Chocobozzz

    CVE-2026-57167 (GCVE-0-2026-57167)

    Vulnerability from nvd – Published: 2026-07-10 16:37 – Updated: 2026-07-10 17:42
    VLAI
    Title
    PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Summary
    PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence that closes a script element to inject arbitrary HTML or JavaScript that executes in the instance origin for visitors to the attacker's videos. This issue is fixed in version 8.2.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Chocobozzz PeerTube Affected: < 8.2.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57167",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T17:42:35.684811Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T17:42:51.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PeerTube",
              "vendor": "Chocobozzz",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence that closes a script element to inject arbitrary HTML or JavaScript that executes in the instance origin for visitors to the attacker\u0027s videos. This issue is fixed in version 8.2.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T16:37:59.631Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Chocobozzz/PeerTube/security/advisories/GHSA-jxwq-h9xv-hr28",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Chocobozzz/PeerTube/security/advisories/GHSA-jxwq-h9xv-hr28"
            },
            {
              "name": "https://github.com/Chocobozzz/PeerTube/commit/45394d701b08e87d72b8f0c1866b881f2becbde3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Chocobozzz/PeerTube/commit/45394d701b08e87d72b8f0c1866b881f2becbde3"
            },
            {
              "name": "https://github.com/Chocobozzz/PeerTube/releases/tag/v8.2.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Chocobozzz/PeerTube/releases/tag/v8.2.2"
            }
          ],
          "source": {
            "advisory": "GHSA-jxwq-h9xv-hr28",
            "discovery": "UNKNOWN"
          },
          "title": "PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-57167",
        "datePublished": "2026-07-10T16:37:59.631Z",
        "dateReserved": "2026-06-24T01:47:55.285Z",
        "dateUpdated": "2026-07-10T17:42:51.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-0881 (GCVE-0-2022-0881)

    Vulnerability from nvd – Published: 2022-03-09 08:35 – Updated: 2024-08-02 23:40
    VLAI
    Title
    Insecure Storage of Sensitive Information in chocobozzz/peertube
    Summary
    Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.
    CWE
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < 4.1.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:04.597Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "4.1.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-922",
                  "description": "CWE-922 Insecure Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-09T08:35:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8"
            }
          ],
          "source": {
            "advisory": "2628431e-6a98-4063-a0e3-a8b1d9ebaa9c",
            "discovery": "EXTERNAL"
          },
          "title": "Insecure Storage of Sensitive Information in chocobozzz/peertube",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0881",
              "STATE": "PUBLIC",
              "TITLE": "Insecure Storage of Sensitive Information in chocobozzz/peertube"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "chocobozzz/peertube",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "chocobozzz"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-922 Insecure Storage of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c"
                },
                {
                  "name": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8",
                  "refsource": "MISC",
                  "url": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8"
                }
              ]
            },
            "source": {
              "advisory": "2628431e-6a98-4063-a0e3-a8b1d9ebaa9c",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0881",
        "datePublished": "2022-03-09T08:35:10.000Z",
        "dateReserved": "2022-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:04.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0727 (GCVE-0-2022-0727)

    Vulnerability from nvd – Published: 2022-02-23 13:20 – Updated: 2024-08-02 23:40
    VLAI
    Title
    Improper Access Control in chocobozzz/peertube
    Summary
    Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < 4.1.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:03.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d1faa10f-0640-480c-bb52-089adb351e6e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "4.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-23T13:20:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/d1faa10f-0640-480c-bb52-089adb351e6e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259"
            }
          ],
          "source": {
            "advisory": "d1faa10f-0640-480c-bb52-089adb351e6e",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in chocobozzz/peertube",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0727",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in chocobozzz/peertube"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "chocobozzz/peertube",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "chocobozzz"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/d1faa10f-0640-480c-bb52-089adb351e6e",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/d1faa10f-0640-480c-bb52-089adb351e6e"
                },
                {
                  "name": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259",
                  "refsource": "MISC",
                  "url": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259"
                }
              ]
            },
            "source": {
              "advisory": "d1faa10f-0640-480c-bb52-089adb351e6e",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0727",
        "datePublished": "2022-02-23T13:20:10.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:03.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0726 (GCVE-0-2022-0726)

    Vulnerability from nvd – Published: 2022-02-23 00:00 – Updated: 2024-08-02 23:40
    VLAI
    Title
    Missing Authorization in chocobozzz/peertube
    Summary
    Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < 4.1.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:03.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/8928ab08-7fcb-475e-8da7-18e8412c1ac3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "4.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-29T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259"
            },
            {
              "url": "https://huntr.dev/bounties/8928ab08-7fcb-475e-8da7-18e8412c1ac3"
            }
          ],
          "source": {
            "advisory": "8928ab08-7fcb-475e-8da7-18e8412c1ac3",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in chocobozzz/peertube"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0726",
        "datePublished": "2022-02-23T00:00:00.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:03.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0508 (GCVE-0-2022-0508)

    Vulnerability from nvd – Published: 2022-02-08 10:30 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in chocobozzz/peertube
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < f33e515991a32885622b217bf2ed1d1b0d9d6832 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/c3724574-b6c9-430b-849b-40dd2b20f23c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/f33e515991a32885622b217bf2ed1d1b0d9d6832"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "f33e515991a32885622b217bf2ed1d1b0d9d6832",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:17:34.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/c3724574-b6c9-430b-849b-40dd2b20f23c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chocobozzz/peertube/commit/f33e515991a32885622b217bf2ed1d1b0d9d6832"
            }
          ],
          "source": {
            "advisory": "c3724574-b6c9-430b-849b-40dd2b20f23c",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in chocobozzz/peertube",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0508",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in chocobozzz/peertube"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "chocobozzz/peertube",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "f33e515991a32885622b217bf2ed1d1b0d9d6832"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "chocobozzz"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/c3724574-b6c9-430b-849b-40dd2b20f23c",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/c3724574-b6c9-430b-849b-40dd2b20f23c"
                },
                {
                  "name": "https://github.com/chocobozzz/peertube/commit/f33e515991a32885622b217bf2ed1d1b0d9d6832",
                  "refsource": "MISC",
                  "url": "https://github.com/chocobozzz/peertube/commit/f33e515991a32885622b217bf2ed1d1b0d9d6832"
                }
              ]
            },
            "source": {
              "advisory": "c3724574-b6c9-430b-849b-40dd2b20f23c",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0508",
        "datePublished": "2022-02-08T10:30:46.000Z",
        "dateReserved": "2022-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0170 (GCVE-0-2022-0170)

    Vulnerability from nvd – Published: 2022-01-11 15:20 – Updated: 2024-08-02 23:18
    VLAI
    Title
    Improper Access Control in chocobozzz/peertube
    Summary
    peertube is vulnerable to Improper Access Control
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < Not released yet (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:41.998Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f2a003fc-b911-43b6-81ec-f856cdfeaefc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/84c8d9866890f479faf0168c29be5eb7816ccc8e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "Not released yet",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "peertube is vulnerable to Improper Access Control"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-11T15:20:12.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/f2a003fc-b911-43b6-81ec-f856cdfeaefc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chocobozzz/peertube/commit/84c8d9866890f479faf0168c29be5eb7816ccc8e"
            }
          ],
          "source": {
            "advisory": "f2a003fc-b911-43b6-81ec-f856cdfeaefc",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in chocobozzz/peertube",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0170",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in chocobozzz/peertube"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "chocobozzz/peertube",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "Not released yet"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "chocobozzz"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "peertube is vulnerable to Improper Access Control"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/f2a003fc-b911-43b6-81ec-f856cdfeaefc",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/f2a003fc-b911-43b6-81ec-f856cdfeaefc"
                },
                {
                  "name": "https://github.com/chocobozzz/peertube/commit/84c8d9866890f479faf0168c29be5eb7816ccc8e",
                  "refsource": "MISC",
                  "url": "https://github.com/chocobozzz/peertube/commit/84c8d9866890f479faf0168c29be5eb7816ccc8e"
                }
              ]
            },
            "source": {
              "advisory": "f2a003fc-b911-43b6-81ec-f856cdfeaefc",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0170",
        "datePublished": "2022-01-11T15:20:12.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:41.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0133 (GCVE-0-2022-0133)

    Vulnerability from nvd – Published: 2022-01-07 12:45 – Updated: 2024-08-02 23:18
    VLAI
    Title
    Improper Access Control in chocobozzz/peertube
    Summary
    peertube is vulnerable to Improper Access Control
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < Not released yet (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:41.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/80aabdc1-89fe-47b8-87ca-9d68107fc0b4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/795212f7acc690c88c86d0fab8772f6564d59cb8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "Not released yet",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "peertube is vulnerable to Improper Access Control"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-07T12:45:11.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/80aabdc1-89fe-47b8-87ca-9d68107fc0b4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chocobozzz/peertube/commit/795212f7acc690c88c86d0fab8772f6564d59cb8"
            }
          ],
          "source": {
            "advisory": "80aabdc1-89fe-47b8-87ca-9d68107fc0b4",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in chocobozzz/peertube",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0133",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in chocobozzz/peertube"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "chocobozzz/peertube",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "Not released yet"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "chocobozzz"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "peertube is vulnerable to Improper Access Control"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/80aabdc1-89fe-47b8-87ca-9d68107fc0b4",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/80aabdc1-89fe-47b8-87ca-9d68107fc0b4"
                },
                {
                  "name": "https://github.com/chocobozzz/peertube/commit/795212f7acc690c88c86d0fab8772f6564d59cb8",
                  "refsource": "MISC",
                  "url": "https://github.com/chocobozzz/peertube/commit/795212f7acc690c88c86d0fab8772f6564d59cb8"
                }
              ]
            },
            "source": {
              "advisory": "80aabdc1-89fe-47b8-87ca-9d68107fc0b4",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0133",
        "datePublished": "2022-01-07T12:45:12.000Z",
        "dateReserved": "2022-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:41.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0132 (GCVE-0-2022-0132)

    Vulnerability from nvd – Published: 2022-01-07 10:10 – Updated: 2024-08-02 23:18
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in chocobozzz/peertube
    Summary
    peertube is vulnerable to Server-Side Request Forgery (SSRF)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < Not released yet (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:41.958Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/77ec5308-5561-4664-af21-d780df2d1e4b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/7b54a81cccf6b4c12269e9d6897d608b1a99537a"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "Not released yet",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "peertube is vulnerable to Server-Side Request Forgery (SSRF)"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-07T10:10:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/77ec5308-5561-4664-af21-d780df2d1e4b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chocobozzz/peertube/commit/7b54a81cccf6b4c12269e9d6897d608b1a99537a"
            }
          ],
          "source": {
            "advisory": "77ec5308-5561-4664-af21-d780df2d1e4b",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in chocobozzz/peertube",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0132",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in chocobozzz/peertube"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "chocobozzz/peertube",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "Not released yet"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "chocobozzz"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "peertube is vulnerable to Server-Side Request Forgery (SSRF)"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/77ec5308-5561-4664-af21-d780df2d1e4b",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/77ec5308-5561-4664-af21-d780df2d1e4b"
                },
                {
                  "name": "https://github.com/chocobozzz/peertube/commit/7b54a81cccf6b4c12269e9d6897d608b1a99537a",
                  "refsource": "MISC",
                  "url": "https://github.com/chocobozzz/peertube/commit/7b54a81cccf6b4c12269e9d6897d608b1a99537a"
                }
              ]
            },
            "source": {
              "advisory": "77ec5308-5561-4664-af21-d780df2d1e4b",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0132",
        "datePublished": "2022-01-07T10:10:10.000Z",
        "dateReserved": "2022-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:41.958Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3780 (GCVE-0-2021-3780)

    Vulnerability from nvd – Published: 2021-09-15 11:15 – Updated: 2024-08-03 17:09
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in chocobozzz/peertube
    Summary
    peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < 3.4.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:09:08.860Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/282807a8-4bf5-4fe2-af62-e05f945b3d65"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/0ea2f79d45b301fcd660efc894469a99b2239bf6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "3.4.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "peertube is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-15T11:15:11.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/282807a8-4bf5-4fe2-af62-e05f945b3d65"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chocobozzz/peertube/commit/0ea2f79d45b301fcd660efc894469a99b2239bf6"
            }
          ],
          "source": {
            "advisory": "282807a8-4bf5-4fe2-af62-e05f945b3d65",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in chocobozzz/peertube",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2021-3780",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - Stored in chocobozzz/peertube"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "chocobozzz/peertube",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "chocobozzz"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "peertube is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/282807a8-4bf5-4fe2-af62-e05f945b3d65",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/282807a8-4bf5-4fe2-af62-e05f945b3d65"
                },
                {
                  "name": "https://github.com/chocobozzz/peertube/commit/0ea2f79d45b301fcd660efc894469a99b2239bf6",
                  "refsource": "MISC",
                  "url": "https://github.com/chocobozzz/peertube/commit/0ea2f79d45b301fcd660efc894469a99b2239bf6"
                }
              ]
            },
            "source": {
              "advisory": "282807a8-4bf5-4fe2-af62-e05f945b3d65",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2021-3780",
        "datePublished": "2021-09-15T11:15:11.000Z",
        "dateReserved": "2021-09-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:09:08.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-57167 (GCVE-0-2026-57167)

    Vulnerability from cvelistv5 – Published: 2026-07-10 16:37 – Updated: 2026-07-10 17:42
    VLAI
    Title
    PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Summary
    PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence that closes a script element to inject arbitrary HTML or JavaScript that executes in the instance origin for visitors to the attacker's videos. This issue is fixed in version 8.2.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Chocobozzz PeerTube Affected: < 8.2.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57167",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T17:42:35.684811Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T17:42:51.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PeerTube",
              "vendor": "Chocobozzz",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 8.2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence that closes a script element to inject arbitrary HTML or JavaScript that executes in the instance origin for visitors to the attacker\u0027s videos. This issue is fixed in version 8.2.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T16:37:59.631Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Chocobozzz/PeerTube/security/advisories/GHSA-jxwq-h9xv-hr28",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Chocobozzz/PeerTube/security/advisories/GHSA-jxwq-h9xv-hr28"
            },
            {
              "name": "https://github.com/Chocobozzz/PeerTube/commit/45394d701b08e87d72b8f0c1866b881f2becbde3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Chocobozzz/PeerTube/commit/45394d701b08e87d72b8f0c1866b881f2becbde3"
            },
            {
              "name": "https://github.com/Chocobozzz/PeerTube/releases/tag/v8.2.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Chocobozzz/PeerTube/releases/tag/v8.2.2"
            }
          ],
          "source": {
            "advisory": "GHSA-jxwq-h9xv-hr28",
            "discovery": "UNKNOWN"
          },
          "title": "PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-57167",
        "datePublished": "2026-07-10T16:37:59.631Z",
        "dateReserved": "2026-06-24T01:47:55.285Z",
        "dateUpdated": "2026-07-10T17:42:51.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-0881 (GCVE-0-2022-0881)

    Vulnerability from cvelistv5 – Published: 2022-03-09 08:35 – Updated: 2024-08-02 23:40
    VLAI
    Title
    Insecure Storage of Sensitive Information in chocobozzz/peertube
    Summary
    Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.
    CWE
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < 4.1.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:04.597Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "4.1.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-922",
                  "description": "CWE-922 Insecure Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-09T08:35:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8"
            }
          ],
          "source": {
            "advisory": "2628431e-6a98-4063-a0e3-a8b1d9ebaa9c",
            "discovery": "EXTERNAL"
          },
          "title": "Insecure Storage of Sensitive Information in chocobozzz/peertube",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0881",
              "STATE": "PUBLIC",
              "TITLE": "Insecure Storage of Sensitive Information in chocobozzz/peertube"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "chocobozzz/peertube",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "chocobozzz"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-922 Insecure Storage of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/2628431e-6a98-4063-a0e3-a8b1d9ebaa9c"
                },
                {
                  "name": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8",
                  "refsource": "MISC",
                  "url": "https://github.com/chocobozzz/peertube/commit/0c058f256a195b92f124be10109c95d1fbe93ad8"
                }
              ]
            },
            "source": {
              "advisory": "2628431e-6a98-4063-a0e3-a8b1d9ebaa9c",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0881",
        "datePublished": "2022-03-09T08:35:10.000Z",
        "dateReserved": "2022-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:04.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0727 (GCVE-0-2022-0727)

    Vulnerability from cvelistv5 – Published: 2022-02-23 13:20 – Updated: 2024-08-02 23:40
    VLAI
    Title
    Improper Access Control in chocobozzz/peertube
    Summary
    Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < 4.1.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:03.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d1faa10f-0640-480c-bb52-089adb351e6e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "4.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-23T13:20:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/d1faa10f-0640-480c-bb52-089adb351e6e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259"
            }
          ],
          "source": {
            "advisory": "d1faa10f-0640-480c-bb52-089adb351e6e",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in chocobozzz/peertube",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0727",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in chocobozzz/peertube"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "chocobozzz/peertube",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "chocobozzz"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/d1faa10f-0640-480c-bb52-089adb351e6e",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/d1faa10f-0640-480c-bb52-089adb351e6e"
                },
                {
                  "name": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259",
                  "refsource": "MISC",
                  "url": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259"
                }
              ]
            },
            "source": {
              "advisory": "d1faa10f-0640-480c-bb52-089adb351e6e",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0727",
        "datePublished": "2022-02-23T13:20:10.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:03.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0726 (GCVE-0-2022-0726)

    Vulnerability from cvelistv5 – Published: 2022-02-23 00:00 – Updated: 2024-08-02 23:40
    VLAI
    Title
    Missing Authorization in chocobozzz/peertube
    Summary
    Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < 4.1.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:40:03.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/8928ab08-7fcb-475e-8da7-18e8412c1ac3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "4.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-29T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://github.com/chocobozzz/peertube/commit/6ea9295b8f5dd7cc254202a79aad61c666cc4259"
            },
            {
              "url": "https://huntr.dev/bounties/8928ab08-7fcb-475e-8da7-18e8412c1ac3"
            }
          ],
          "source": {
            "advisory": "8928ab08-7fcb-475e-8da7-18e8412c1ac3",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in chocobozzz/peertube"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0726",
        "datePublished": "2022-02-23T00:00:00.000Z",
        "dateReserved": "2022-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:40:03.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0508 (GCVE-0-2022-0508)

    Vulnerability from cvelistv5 – Published: 2022-02-08 10:30 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in chocobozzz/peertube
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < f33e515991a32885622b217bf2ed1d1b0d9d6832 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/c3724574-b6c9-430b-849b-40dd2b20f23c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/f33e515991a32885622b217bf2ed1d1b0d9d6832"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "f33e515991a32885622b217bf2ed1d1b0d9d6832",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-09T15:17:34.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/c3724574-b6c9-430b-849b-40dd2b20f23c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chocobozzz/peertube/commit/f33e515991a32885622b217bf2ed1d1b0d9d6832"
            }
          ],
          "source": {
            "advisory": "c3724574-b6c9-430b-849b-40dd2b20f23c",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in chocobozzz/peertube",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0508",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in chocobozzz/peertube"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "chocobozzz/peertube",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "f33e515991a32885622b217bf2ed1d1b0d9d6832"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "chocobozzz"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/c3724574-b6c9-430b-849b-40dd2b20f23c",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/c3724574-b6c9-430b-849b-40dd2b20f23c"
                },
                {
                  "name": "https://github.com/chocobozzz/peertube/commit/f33e515991a32885622b217bf2ed1d1b0d9d6832",
                  "refsource": "MISC",
                  "url": "https://github.com/chocobozzz/peertube/commit/f33e515991a32885622b217bf2ed1d1b0d9d6832"
                }
              ]
            },
            "source": {
              "advisory": "c3724574-b6c9-430b-849b-40dd2b20f23c",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0508",
        "datePublished": "2022-02-08T10:30:46.000Z",
        "dateReserved": "2022-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0170 (GCVE-0-2022-0170)

    Vulnerability from cvelistv5 – Published: 2022-01-11 15:20 – Updated: 2024-08-02 23:18
    VLAI
    Title
    Improper Access Control in chocobozzz/peertube
    Summary
    peertube is vulnerable to Improper Access Control
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < Not released yet (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:41.998Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f2a003fc-b911-43b6-81ec-f856cdfeaefc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/84c8d9866890f479faf0168c29be5eb7816ccc8e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "Not released yet",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "peertube is vulnerable to Improper Access Control"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-11T15:20:12.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/f2a003fc-b911-43b6-81ec-f856cdfeaefc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chocobozzz/peertube/commit/84c8d9866890f479faf0168c29be5eb7816ccc8e"
            }
          ],
          "source": {
            "advisory": "f2a003fc-b911-43b6-81ec-f856cdfeaefc",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in chocobozzz/peertube",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0170",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in chocobozzz/peertube"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "chocobozzz/peertube",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "Not released yet"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "chocobozzz"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "peertube is vulnerable to Improper Access Control"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/f2a003fc-b911-43b6-81ec-f856cdfeaefc",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/f2a003fc-b911-43b6-81ec-f856cdfeaefc"
                },
                {
                  "name": "https://github.com/chocobozzz/peertube/commit/84c8d9866890f479faf0168c29be5eb7816ccc8e",
                  "refsource": "MISC",
                  "url": "https://github.com/chocobozzz/peertube/commit/84c8d9866890f479faf0168c29be5eb7816ccc8e"
                }
              ]
            },
            "source": {
              "advisory": "f2a003fc-b911-43b6-81ec-f856cdfeaefc",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0170",
        "datePublished": "2022-01-11T15:20:12.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:41.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0133 (GCVE-0-2022-0133)

    Vulnerability from cvelistv5 – Published: 2022-01-07 12:45 – Updated: 2024-08-02 23:18
    VLAI
    Title
    Improper Access Control in chocobozzz/peertube
    Summary
    peertube is vulnerable to Improper Access Control
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < Not released yet (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:41.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/80aabdc1-89fe-47b8-87ca-9d68107fc0b4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/795212f7acc690c88c86d0fab8772f6564d59cb8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "Not released yet",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "peertube is vulnerable to Improper Access Control"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-07T12:45:11.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/80aabdc1-89fe-47b8-87ca-9d68107fc0b4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chocobozzz/peertube/commit/795212f7acc690c88c86d0fab8772f6564d59cb8"
            }
          ],
          "source": {
            "advisory": "80aabdc1-89fe-47b8-87ca-9d68107fc0b4",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Control in chocobozzz/peertube",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0133",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in chocobozzz/peertube"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "chocobozzz/peertube",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "Not released yet"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "chocobozzz"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "peertube is vulnerable to Improper Access Control"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/80aabdc1-89fe-47b8-87ca-9d68107fc0b4",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/80aabdc1-89fe-47b8-87ca-9d68107fc0b4"
                },
                {
                  "name": "https://github.com/chocobozzz/peertube/commit/795212f7acc690c88c86d0fab8772f6564d59cb8",
                  "refsource": "MISC",
                  "url": "https://github.com/chocobozzz/peertube/commit/795212f7acc690c88c86d0fab8772f6564d59cb8"
                }
              ]
            },
            "source": {
              "advisory": "80aabdc1-89fe-47b8-87ca-9d68107fc0b4",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0133",
        "datePublished": "2022-01-07T12:45:12.000Z",
        "dateReserved": "2022-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:41.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0132 (GCVE-0-2022-0132)

    Vulnerability from cvelistv5 – Published: 2022-01-07 10:10 – Updated: 2024-08-02 23:18
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in chocobozzz/peertube
    Summary
    peertube is vulnerable to Server-Side Request Forgery (SSRF)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < Not released yet (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:41.958Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/77ec5308-5561-4664-af21-d780df2d1e4b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/7b54a81cccf6b4c12269e9d6897d608b1a99537a"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "Not released yet",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "peertube is vulnerable to Server-Side Request Forgery (SSRF)"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-07T10:10:10.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/77ec5308-5561-4664-af21-d780df2d1e4b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chocobozzz/peertube/commit/7b54a81cccf6b4c12269e9d6897d608b1a99537a"
            }
          ],
          "source": {
            "advisory": "77ec5308-5561-4664-af21-d780df2d1e4b",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in chocobozzz/peertube",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0132",
              "STATE": "PUBLIC",
              "TITLE": "Server-Side Request Forgery (SSRF) in chocobozzz/peertube"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "chocobozzz/peertube",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "Not released yet"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "chocobozzz"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "peertube is vulnerable to Server-Side Request Forgery (SSRF)"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/77ec5308-5561-4664-af21-d780df2d1e4b",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/77ec5308-5561-4664-af21-d780df2d1e4b"
                },
                {
                  "name": "https://github.com/chocobozzz/peertube/commit/7b54a81cccf6b4c12269e9d6897d608b1a99537a",
                  "refsource": "MISC",
                  "url": "https://github.com/chocobozzz/peertube/commit/7b54a81cccf6b4c12269e9d6897d608b1a99537a"
                }
              ]
            },
            "source": {
              "advisory": "77ec5308-5561-4664-af21-d780df2d1e4b",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0132",
        "datePublished": "2022-01-07T10:10:10.000Z",
        "dateReserved": "2022-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:41.958Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3780 (GCVE-0-2021-3780)

    Vulnerability from cvelistv5 – Published: 2021-09-15 11:15 – Updated: 2024-08-03 17:09
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in chocobozzz/peertube
    Summary
    peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    chocobozzz chocobozzz/peertube Affected: unspecified , < 3.4.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:09:08.860Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/282807a8-4bf5-4fe2-af62-e05f945b3d65"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/chocobozzz/peertube/commit/0ea2f79d45b301fcd660efc894469a99b2239bf6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "chocobozzz/peertube",
              "vendor": "chocobozzz",
              "versions": [
                {
                  "lessThan": "3.4.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "peertube is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-15T11:15:11.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/282807a8-4bf5-4fe2-af62-e05f945b3d65"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/chocobozzz/peertube/commit/0ea2f79d45b301fcd660efc894469a99b2239bf6"
            }
          ],
          "source": {
            "advisory": "282807a8-4bf5-4fe2-af62-e05f945b3d65",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in chocobozzz/peertube",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2021-3780",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - Stored in chocobozzz/peertube"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "chocobozzz/peertube",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "chocobozzz"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "peertube is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/282807a8-4bf5-4fe2-af62-e05f945b3d65",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/282807a8-4bf5-4fe2-af62-e05f945b3d65"
                },
                {
                  "name": "https://github.com/chocobozzz/peertube/commit/0ea2f79d45b301fcd660efc894469a99b2239bf6",
                  "refsource": "MISC",
                  "url": "https://github.com/chocobozzz/peertube/commit/0ea2f79d45b301fcd660efc894469a99b2239bf6"
                }
              ]
            },
            "source": {
              "advisory": "282807a8-4bf5-4fe2-af62-e05f945b3d65",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2021-3780",
        "datePublished": "2021-09-15T11:15:11.000Z",
        "dateReserved": "2021-09-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:09:08.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }