All the vulnerabilities related to LizardByte - Sunshine
cve-2024-31221
Vulnerability from cvelistv5
Published
2024-04-08 15:10
Modified
2024-09-03 18:00
Severity
5.9 MEDIUM (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L, CNA-assigned)
Summary
Clients removed during unpairing process may regain access if Sunshine was not restarted
References
▼ | URL | Tags |
---|---|---|
https://github.com/LizardByte/Sunshine/security/advisories/GHSA-v8gw-jw28-v55m | x_refsource_CONFIRM | |
https://github.com/LizardByte/Sunshine/issues/2305 | x_refsource_MISC | |
https://github.com/LizardByte/Sunshine/pull/2365 | x_refsource_MISC | |
https://github.com/LizardByte/Sunshine/commit/b7aa8119f1471844dccdf73a8b6f7efc9baddb5e | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
LizardByte | Sunshine |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T01:46:05.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-v8gw-jw28-v55m", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-v8gw-jw28-v55m" }, { "name": "https://github.com/LizardByte/Sunshine/issues/2305", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/LizardByte/Sunshine/issues/2305" }, { "name": "https://github.com/LizardByte/Sunshine/pull/2365", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/LizardByte/Sunshine/pull/2365" }, { "name": "https://github.com/LizardByte/Sunshine/commit/b7aa8119f1471844dccdf73a8b6f7efc9baddb5e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/LizardByte/Sunshine/commit/b7aa8119f1471844dccdf73a8b6f7efc9baddb5e" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-31221", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-07T17:59:28.747581Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-03T18:00:09.752Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Sunshine", "vendor": "LizardByte", "versions": [ { "status": "affected", "version": "\u003e= 0.10.0, \u003c 0.23.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously paired devices will be temporarily paired. 
Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-384", "description": "CWE-384: Session Fixation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-08T15:10:17.071Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-v8gw-jw28-v55m", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-v8gw-jw28-v55m" }, { "name": "https://github.com/LizardByte/Sunshine/issues/2305", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/LizardByte/Sunshine/issues/2305" }, { "name": "https://github.com/LizardByte/Sunshine/pull/2365", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/LizardByte/Sunshine/pull/2365" }, { "name": "https://github.com/LizardByte/Sunshine/commit/b7aa8119f1471844dccdf73a8b6f7efc9baddb5e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/LizardByte/Sunshine/commit/b7aa8119f1471844dccdf73a8b6f7efc9baddb5e" } ], "source": { "advisory": "GHSA-v8gw-jw28-v55m", "discovery": "UNKNOWN" }, "title": "Clients removed during unpairing process may regain access if Sunshine was not restarted" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-31221", "datePublished": "2024-04-08T15:10:17.071Z", "dateReserved": "2024-03-29T14:16:31.901Z", 
"dateUpdated": "2024-09-03T18:00:09.752Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-53096
Vulnerability from cvelistv5
Published
2025-07-01 01:33
Modified
2025-07-01 13:21
Severity
5.4 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L, CNA-assigned)
Summary
Sunshine clickjacking in the UI leads to unauthorized actions being performed
References
▼ | URL | Tags |
---|---|---|
https://github.com/LizardByte/Sunshine/security/advisories/GHSA-x97g-h2vp-g2c5 | x_refsource_CONFIRM | |
https://github.com/LizardByte/Sunshine/commit/2f27a57d01911436017f87bf08b9e36dcfaa86cc | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
LizardByte | Sunshine |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53096", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-01T13:21:36.325765Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-01T13:21:41.271Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Sunshine", "vendor": "LizardByte", "versions": [ { "status": "affected", "version": "\u003c 2025.628.4510" } ] } ], "descriptions": [ { "lang": "en", "value": "Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. If a user is tricked into interacting (one or multiple clicks) with the malicious page while authenticated, they may unknowingly perform actions within the Sunshine application without their consent. This issue has been patched in version 2025.628.4510." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1021", "description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-01T01:33:01.336Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-x97g-h2vp-g2c5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-x97g-h2vp-g2c5" }, { "name": "https://github.com/LizardByte/Sunshine/commit/2f27a57d01911436017f87bf08b9e36dcfaa86cc", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/LizardByte/Sunshine/commit/2f27a57d01911436017f87bf08b9e36dcfaa86cc" } ], "source": { "advisory": "GHSA-x97g-h2vp-g2c5", "discovery": "UNKNOWN" }, "title": "Sunshine clickjacking in the UI leads to unauthorized actions being performed" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-53096", "datePublished": "2025-07-01T01:33:01.336Z", "dateReserved": "2025-06-25T13:41:23.086Z", "dateUpdated": "2025-07-01T13:21:41.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-53095
Vulnerability from cvelistv5
Published
2025-07-01 01:33
Modified
2025-07-01 13:21
Severity
9.7 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H, CNA-assigned)
Summary
Sunshine application-wide CSRF in the UI leads to command injection as Administrator
References
▼ | URL | Tags |
---|---|---|
https://github.com/LizardByte/Sunshine/security/advisories/GHSA-39hj-fxvw-758m | x_refsource_CONFIRM | |
https://github.com/LizardByte/Sunshine/commit/738ac93a0ec1cd10412d1f339968775f53bfefe0 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
LizardByte | Sunshine |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53095", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-07-01T13:21:05.692690Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-01T13:21:15.143Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Sunshine", "vendor": "LizardByte", "versions": [ { "status": "affected", "version": "\u003c 2025.628.4510" } ] } ], "descriptions": [ { "lang": "en", "value": "Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows an attacker to craft a malicious web page that, when visited by an authenticated user, can trigger unintended actions within the Sunshine application on behalf of that user. Specifically, since the application does OS command execution by design, this issue can be exploited to abuse the \"Command Preparations\" feature, enabling an attacker to inject arbitrary commands that will be executed with Administrator privileges when an application is launched. This issue has been patched in version 2025.628.4510." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-01T01:33:22.331Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-39hj-fxvw-758m", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-39hj-fxvw-758m" }, { "name": "https://github.com/LizardByte/Sunshine/commit/738ac93a0ec1cd10412d1f339968775f53bfefe0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/LizardByte/Sunshine/commit/738ac93a0ec1cd10412d1f339968775f53bfefe0" } ], "source": { "advisory": "GHSA-39hj-fxvw-758m", "discovery": "UNKNOWN" }, "title": "Sunshine application-wide CSRF in the UI leads to command injection as Administrator" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-53095", "datePublished": "2025-07-01T01:33:22.331Z", "dateReserved": "2025-06-25T13:41:23.086Z", "dateUpdated": "2025-07-01T13:21:15.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-45407
Vulnerability from cvelistv5
Published
2024-09-10 15:13
Modified
2024-09-10 16:12
Severity
6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, CNA-assigned)
Summary
Sunshine has incorrect state management during pairing process may lead to incorrectly authorized client
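References
▼ | URL | Tags |
---|---|---|
https://github.com/LizardByte/Sunshine/security/advisories/GHSA-jqph-8cp5-g874 | x_refsource_CONFIRM | |
https://github.com/LizardByte/Sunshine/commit/5fcd07ecb1428bfe245ad6fa349aead476c7e772 | x_refsource_MISC | |
https://github.com/LizardByte/Sunshine/commit/fd7e68457a134102d1b30af5796c79f2aa623224 | x_refsource_MISC |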
Impacted products
▼ | Vendor | Product |
---|---|---|
LizardByte | Sunshine |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45407", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T16:12:07.341939Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T16:12:18.563Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Sunshine", "vendor": "LizardByte", "versions": [ { "status": "affected", "version": "\u003e= 5fcd07ecb1428bfe245ad6fa349aead476c7e772, \u003c fd7e68457a134102d1b30af5796c79f2aa623224" } ] } ], "descriptions": [ { "lang": "en", "value": "Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertently allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, but the certificate from the forged pairing attempt is incorrectly persisted prior to the completion of the pairing request. This allows access to the certificate belonging to the attacker." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-300", "description": "CWE-300: Channel Accessible by Non-Endpoint", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T15:13:20.126Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-jqph-8cp5-g874", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-jqph-8cp5-g874" }, { "name": "https://github.com/LizardByte/Sunshine/commit/5fcd07ecb1428bfe245ad6fa349aead476c7e772", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/LizardByte/Sunshine/commit/5fcd07ecb1428bfe245ad6fa349aead476c7e772" }, { "name": "https://github.com/LizardByte/Sunshine/commit/fd7e68457a134102d1b30af5796c79f2aa623224", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/LizardByte/Sunshine/commit/fd7e68457a134102d1b30af5796c79f2aa623224" } ], "source": { "advisory": "GHSA-jqph-8cp5-g874", "discovery": "UNKNOWN" }, "title": "Sunshine has incorrect state management during pairing process may lead to incorrectly authorized client" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-45407", "datePublished": "2024-09-10T15:13:20.126Z", "dateReserved": "2024-08-28T20:21:32.804Z", "dateUpdated": "2024-09-10T16:12:18.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31220
Vulnerability from cvelistv5
Published
2024-04-05 14:59
Modified
2024-08-02 01:46
Severity
7.3 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, CNA-assigned)
Summary
Sunshine vulnerable to remote unauthenticated arbitrary file read
References
▼ | URL | Tags |
---|---|---|
https://github.com/LizardByte/Sunshine/security/advisories/GHSA-6rg7-7m3w-w5wc | x_refsource_CONFIRM | |
https://github.com/LizardByte/Sunshine/releases/tag/v0.18.0 | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
LizardByte | Sunshine |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-31220", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-09T19:25:09.102631Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:36:28.119Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:46:04.755Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-6rg7-7m3w-w5wc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-6rg7-7m3w-w5wc" }, { "name": "https://github.com/LizardByte/Sunshine/releases/tag/v0.18.0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/LizardByte/Sunshine/releases/tag/v0.18.0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Sunshine", "vendor": "LizardByte", "versions": [ { "status": "affected", "version": "\u003e= 0.16.0, \u003c 0.18.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface outside of localhost may be affected, depending on firewall configuration. To exploit vulnerability, attacker could make an http/s request to the `node_modules` endpoint if user exposed Sunshine config web server to internet or attacker is on the LAN. Version 0.18.0 contains a patch for this issue. As a workaround, one may block access to Sunshine via firewall." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-05T14:59:52.662Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-6rg7-7m3w-w5wc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-6rg7-7m3w-w5wc" }, { "name": "https://github.com/LizardByte/Sunshine/releases/tag/v0.18.0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/LizardByte/Sunshine/releases/tag/v0.18.0" } ], "source": { "advisory": "GHSA-6rg7-7m3w-w5wc", "discovery": "UNKNOWN" }, "title": "Sunshine vulnerable to remote unauthenticated arbitrary file read" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-31220", "datePublished": "2024-04-05T14:59:52.662Z", "dateReserved": "2024-03-29T14:16:31.901Z", "dateUpdated": "2024-08-02T01:46:04.755Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31226
Vulnerability from cvelistv5
Published
2024-05-16 18:12
Modified
2024-08-15 14:28
Severity
4.9 MEDIUM (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H, CNA-assigned)
Summary
Sunshine's unquoted executable path could lead to hijacked execution flow
References
▼ | URL | Tags |
---|---|---|
https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp | x_refsource_CONFIRM | |
https://github.com/LizardByte/Sunshine/pull/2379 | x_refsource_MISC | |
https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
LizardByte | Sunshine |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T01:46:04.972Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp" }, { "name": "https://github.com/LizardByte/Sunshine/pull/2379", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/LizardByte/Sunshine/pull/2379" }, { "name": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:lizardbyte:sunshine:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sunshine", "vendor": "lizardbyte", "versions": [ { "lessThan": "0.23", "status": "affected", "version": "0.17", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-31226", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-23T20:37:55.439986Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-15T14:28:39.036Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Sunshine", "vendor": "LizardByte", "versions": [ { "status": "affected", "version": "\u003e= 0.17.0, \u003c 0.23.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Sunshine is a self-hosted game stream host for Moonlight. 
Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacker placed a file named `C:\\Program.exe`, `C:\\Program.bat`, or `C:\\Program.cmd` on the user\u0027s computer. This attack vector isn\u0027t exploitable unless the user has manually loosened ACLs on the system drive. If the user\u0027s system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-428", "description": "CWE-428: Unquoted Search Path or Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-16T18:12:57.081Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp" }, { "name": "https://github.com/LizardByte/Sunshine/pull/2379", "tags": [ 
"x_refsource_MISC" ], "url": "https://github.com/LizardByte/Sunshine/pull/2379" }, { "name": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a" } ], "source": { "advisory": "GHSA-r3rw-mx4q-7vfp", "discovery": "UNKNOWN" }, "title": "Sunshine\u0027s unquoted executable path could lead to hijacked execution flow" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-31226", "datePublished": "2024-05-16T18:12:57.081Z", "dateReserved": "2024-03-29T14:16:31.902Z", "dateUpdated": "2024-08-15T14:28:39.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-51738
Vulnerability from cvelistv5
Published
2025-01-20 15:26
Modified
2025-01-21 14:59
Severity
7.7 HIGH (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N, CNA-assigned)
Summary
Sunshine improperly enforces pairing protocol request order
References
▼ | URL | Tags |
---|---|---|
https://github.com/LizardByte/Sunshine/security/advisories/GHSA-3hrw-xv8h-9499 | x_refsource_CONFIRM | |
https://github.com/LizardByte/Sunshine/commit/89f097ae65277d42b5d40163d09d92e412e6d7dd | x_refsource_MISC |
Impacted products
▼ | Vendor | Product |
---|---|---|
LizardByte | Sunshine |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-51738", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-21T14:59:20.927312Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-21T14:59:35.704Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Sunshine", "vendor": "LizardByte", "versions": [ { "status": "affected", "version": "\u003c 2025.118.151840" } ] } ], "descriptions": [ { "lang": "en", "value": "Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine\u0027s pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840." 
} ], "metrics": [ { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-305", "description": "CWE-305: Authentication Bypass by Primary Weakness", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-841", "description": "CWE-841: Improper Enforcement of Behavioral Workflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-20T15:26:03.955Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-3hrw-xv8h-9499", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-3hrw-xv8h-9499" }, { "name": "https://github.com/LizardByte/Sunshine/commit/89f097ae65277d42b5d40163d09d92e412e6d7dd", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/LizardByte/Sunshine/commit/89f097ae65277d42b5d40163d09d92e412e6d7dd" } ], "source": { "advisory": "GHSA-3hrw-xv8h-9499", "discovery": "UNKNOWN" }, "title": "Sunshine improperly enforces pairing protocol request order" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-51738", "datePublished": "2025-01-20T15:26:03.955Z", "dateReserved": "2024-10-31T14:12:45.788Z", "dateUpdated": "2025-01-21T14:59:35.704Z", 
"state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }