What is CVE-2023-45672?

CVE-2023-45672 is a high-severity vulnerability in Blakeblackshear Frigate, classified under Deserialization of Untrusted Data. CVSS score: 7.5/10. Published 2023-10-30.

How severe is CVE-2023-45672?

High severity. CVSS v3 base score is 7.5 out of 10.

Deserialization in Blakeblackshear Frigate

CVE-2023-45672

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code…

Vulnerability class: Insecure Deserialization

EPSS: 0.026 (86.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Blakeblackshear Frigate — versions < 0.13.0-beta3

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

References

https://github.com/blakeblackshear/frigate/security/advisories/GHSA-qp3h-4q62-p428 (x_refsource_CONFIRM)
https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/config.py#L1244-L1244 (x_refsource_MISC)
https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/http.py#L998-L998 (x_refsource_MISC)
https://github.com/blakeblackshear/frigate/blob/5658e5a4cc7376504af9de5e1eff178939a13e7f/frigate/util/builtin.py#L110-L110 (x_refsource_MISC)
https://securitylab.github.com/advisories/GHSL-2023-190_Frigate/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-45672?: CVE-2023-45672 is a high-severity vulnerability in Blakeblackshear Frigate, classified under Deserialization of Untrusted Data. CVSS score: 7.5/10. Published 2023-10-30.
How severe is CVE-2023-45672?: High severity. CVSS v3 base score is 7.5 out of 10.