PT-2024-23863 · Sunshine · Sunshine
Matheusjcastro
·
Published
2024-04-08
·
Updated
2024-04-08
·
CVE-2024-31221
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Sunshine versions 0.10.0 through 0.22.x
Description
The issue affects Sunshine, a self-hosted game stream host for Moonlight. After unpairing all devices in the web UI interface and then pairing only one device, all of the previously paired devices will be temporarily paired. This issue is resolved in version 0.23.0. As a workaround, restarting Sunshine after unpairing all devices prevents the issue.
Recommendations
For versions 0.10.0 through 0.22.x, update to version 0.23.0 to resolve the issue.
As a temporary workaround for versions 0.10.0 through 0.22.x, consider restarting Sunshine after unpairing all devices to prevent the issue.
Exploit
Fix
Session Fixation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sunshine