CVE-2019-19833

Name of the Vulnerable Software and Affected Versions Tautulli version 2.1.9

Description The issue allows an attacker to shut down a remote media server due to a CSRF vulnerability in the "/shutdown" API endpoint. Additionally, anonymous access can be achieved in applications lacking a user login area.

Recommendations For Tautulli version 2.1.9, consider disabling access to the "/shutdown" API endpoint until a patch is available to prevent unauthorized shutdown of the media server. Restrict access to the application to minimize the risk of anonymous access in cases where a user login area is not present.