What is CVE-2023-45670?

CVE-2023-45670 is a high-severity vulnerability in Blakeblackshear Frigate, classified under Cross-Site Request Forgery (CSRF). CVSS score: 7.5/10. Published 2023-10-30.

How severe is CVE-2023-45670?

High severity. CVSS v3 base score is 7.5 out of 10.

CSRF in Blakeblackshear Frigate

CVE-2023-45670

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.003 (48.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Blakeblackshear Frigate — versions < 0.13.0-beta3

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

https://github.com/blakeblackshear/frigate/security/advisories/GHSA-xq49-hv88-jr6h (x_refsource_CONFIRM)
https://about.gitlab.com/blog/2021/09/07/why-are-developers-vulnerable-to-driveby-attacks/ (x_refsource_MISC)
https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L1060 (x_refsource_MISC)
https://github.com/blakeblackshear/frigate/blob/6aedc39a9a421cf48000a727f36b4c1495848a1d/frigate/http.py#L998 (x_refsource_MISC)
https://github.com/blakeblackshear/frigate/discussions/8366 (x_refsource_MISC)
https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-45670?: CVE-2023-45670 is a high-severity vulnerability in Blakeblackshear Frigate, classified under Cross-Site Request Forgery (CSRF). CVSS score: 7.5/10. Published 2023-10-30.
How severe is CVE-2023-45670?: High severity. CVSS v3 base score is 7.5 out of 10.