CVE-2013-3564
Published: 6 February 2020
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
vlc Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(3.0.8-0ubuntu18.04.1)
|
| eoan |
Not vulnerable
|
|
| focal |
Not vulnerable
|
|
| impish |
Not vulnerable
|
|
| groovy |
Not vulnerable
|
|
| jammy |
Not vulnerable
|
|
| kinetic |
Not vulnerable
|
|
| lunar |
Not vulnerable
|
|
| trusty |
Does not exist
|
|
| hirsute |
Not vulnerable
|
|
| upstream |
Released
(2.0.7-1)
|
|
| xenial |
Not vulnerable
(2.2.2-5)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.3 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |