Ant Media Server · Ant Media Server Community Edition · CVE-2024-3462
**Name of the Vulnerable Software and Affected Versions**
Ant Media Server Community Edition versions prior to 2.9.0
**Description**
The issue is related to an improper HTTP header based authorization, allowing the use of non-administrative API calls reserved for authorized users.
**Recommendations**
For versions prior to 2.9.0, consider restricting access to API endpoints until a patch is available. As a temporary workaround, review and limit the use of HTTP headers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.