CVE-2023-45670

Name of the Vulnerable Software and Affected Versions Frigate versions prior to 0.13.0 Beta 3

Description Frigate is an open source network video recorder. The config/save and config/set endpoints of Frigate do not implement any CSRF protection, making it possible for a request sourced from another site to update the configuration of the Frigate server. Exploiting this issue requires the attacker to know specific information about a user's Frigate server and to trick an authenticated user into clicking a specially crafted link to their Frigate instance. This can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration.

Recommendations For Frigate versions prior to 0.13.0 Beta 3, update to version 0.13.0 Beta 3 to resolve the issue. As a temporary workaround, consider restricting access to the config/save and config/set endpoints to minimize the risk of exploitation. Avoid exposing the Frigate server to the internet, even with authentication, and ensure that only trusted users have access to the server.